生成密钥

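# Generate a 4096-bit RSA key pair, written in PEM format, with the given comment.
# -N is deliberately left out: a passphrase passed on the command line is saved
# in shell history and is visible in the process list while ssh-keygen runs.
# Without -N, ssh-keygen prompts for the passphrase on the terminal instead.
# NOTE(review): -m PEM selects the legacy PEM private-key format. Keep it only
# if a consumer of the key requires it; the default OpenSSH format protects a
# passphrase-encrypted key with a stronger key-derivation function.
ssh-keygen \
  -m PEM \
  -t rsa \
  -b 4096 \
  -C "laowang@qq.com"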

Install OpenSSH

# >>>
# List the OpenSSH capabilities known to this Windows image and their install state.
Get-WindowsCapability -Online |
    Where-Object { $_.Name -like 'OpenSSH*' }
<<<
Name : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name : OpenSSH.Server~~~~0.0.1.0
State : NotPresent
# >>>
# Install the OpenSSH Client, then the OpenSSH Server, in that order.
# NOTE(review): the Server capability adds a network-facing service (sshd);
# install it only on machines that are meant to accept inbound SSH.
'OpenSSH.Client~~~~0.0.1.0', 'OpenSSH.Server~~~~0.0.1.0' |
    ForEach-Object { Add-WindowsCapability -Online -Name $_ }
<<<
Path :
Online : True
RestartNeeded : False
# >>>
# Start the OpenSSH server service now.
Start-Service -Name sshd

# OPTIONAL but recommended: have sshd start automatically.
Set-Service -Name sshd -StartupType 'Automatic'

# Make sure the inbound firewall rule for sshd exists; setup normally creates it.
# NOTE(review): the rule created below allows TCP 22 from any remote address.
# Where SSH should only be reachable from known networks, narrow the rule
# afterwards (for example with Set-NetFirewallRule -RemoteAddress).
$existingRule = Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue |
    Select-Object Name, Enabled

if ($existingRule) {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
} else {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    $ruleParams = @{
        Name        = 'OpenSSH-Server-In-TCP'
        DisplayName = 'OpenSSH Server (sshd)'
        Enabled     = 'True'
        Direction   = 'Inbound'
        Protocol    = 'TCP'
        Action      = 'Allow'
        LocalPort   = '22'
    }
    New-NetFirewallRule @ruleParams
}

Uninstall OpenSSH

# Uninstall the OpenSSH Client, then the OpenSSH Server, in that order.
foreach ($capabilityName in 'OpenSSH.Client~~~~0.0.1.0', 'OpenSSH.Server~~~~0.0.1.0') {
    Remove-WindowsCapability -Online -Name $capabilityName
}

Configuration OpenSSH

Default Terminal

# Set the shell that sshd starts for incoming sessions to Windows PowerShell.
# -Force overwrites a DefaultShell value that already exists under the key.
$defaultShell = @{
    Path         = "HKLM:\SOFTWARE\OpenSSH"
    Name         = 'DefaultShell'
    Value        = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    PropertyType = 'String'
    Force        = $true
}
New-ItemProperty @defaultShell

File

  • C:\ProgramData\ssh\administrators_authorized_keys
  • C:\ProgramData\ssh\sshd_config
  • C:\Users\<UserName>\.ssh\authorized_keys

Config

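  • StrictModes no (this turns off sshd's ownership and permission checks on the key files; correcting the ACLs on those files and keeping the default of yes is the safer choice)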
  • PubkeyAuthentication yes
  • !!! PasswordAuthentication no !!!
  • !!! PermitEmptyPasswords no !!!
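  • AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys (in the default Windows sshd_config this line sits inside the Match Group administrators block; set globally, every account would be checked against the administrators' key file)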

Debug Mode

# Stop the sshd service before starting a debug instance by hand.
Stop-Service -Name sshd
# -d runs sshd in the foreground with verbose debug output; in this mode it
# serves a single connection and then exits. Start the sshd service again
# once troubleshooting is finished.
& 'C:\Windows\System32\OpenSSH\sshd.exe' -d

Other

# Restart the service
Restart-Service -Name sshd
# Stop the service
Stop-Service -Name sshd
# Start the service
Start-Service -Name sshd

XRSec has the right to modify and interpret this article. If you want to reprint or disseminate this article, you must ensure the integrity of this article, including all contents such as copyright notice. Without the permission of the author, the content of this article shall not be modified or increased or decreased arbitrarily, and it shall not be used for commercial purposes in any way