Learn how to use SSH natively within Windows 10 to secure communications between network devices.

By now, IT pros should be familiar with, use, and promote security best practices in all aspects of their management tasks when working with various devices on a network. While encrypting data at rest on drives ensures the confidentiality of that data on a disk, Secure Shell (SSH) works by encrypting the communication between devices (in a client-server model) so that management commands may be passed on securely, without the fear of compromising credentials over cleartext.

SSH also adds another layer of protection by relying on digital fingerprints that are unique to each device. These verify that the device's integrity is maintained and that a rogue device hasn't been inserted, by way of a man-in-the-middle attack, to divert commands and capture critical data.

For years, Windows users have relied on third-party tools to provide SSH capability, while Linux and macOS have benefited from this secure protocol being baked in. However, with Microsoft's release of the 1809 version of Windows 10 this past October, Windows now natively supports the open-source OpenSSH implementation in both client and server modes, and it can be accessed directly through the CLI or PowerShell.

Installing OpenSSH via settings

The OpenSSH client is installed by default. However, if you need to install OpenSSH server or merely reinstall either of these two, launch Settings | Apps & Features, then click on the link titled Manage optional features (Figure A).

Figure A

By clicking on the "+" Add a feature button, you'll be brought to a list of available, optional installs. Simply click on the item named OpenSSH Server and click on the Install button under that item to add it to the list (Figure B).

Figure B

Installing OpenSSH via PowerShell

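Launch PowerShell and type in the cmdlets below to install each version of OpenSSH, the client first and then the server:

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0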

Initial configuration of OpenSSH service

Launch PowerShell, and type in the following cmdlet to start the service:

Start-Service sshd

Next, type in the following cmdlet to configure SSH to run automatically when the device starts up:

Set-Service -Name sshd -StartupType 'Automatic'

Last, type in the following cmdlet to confirm that the firewall rule allowing incoming SSH traffic on the default port was created automatically:

Get-NetFirewallRule -Name *ssh*
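
The install and configuration steps above can be combined into one repeatable script that also checks the result, including whether sshd is actually listening, which the firewall query alone does not show. This is an added example, not code from the original article; it assumes an elevated PowerShell 5.1 session and the default port 22, and the firewall rule name it creates when no rule exists is chosen for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: install, enable and verify the OpenSSH server in one pass.
# Safe to re-run; steps that are already done are skipped.
$ErrorActionPreference = 'Stop'

# 1. Install the OpenSSH client and server capabilities only if missing.
$caps = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
foreach ($cap in $caps) {
    if ($cap.State -ne 'Installed') {
        Add-WindowsCapability -Online -Name $cap.Name | Out-Null
    }
}

# 2. Start sshd on every boot, and start it now.
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service -Name sshd

# 3. Look for an enabled inbound allow rule; a rule that exists but is
#    disabled or set to block would still satisfy a bare name lookup.
$rules = Get-NetFirewallRule -Name '*ssh*' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and
                   $_.Direction -eq 'Inbound' -and
                   $_.Action -eq 'Allow' }
if (-not $rules) {
    # Assumption: rule name and display name are picked for this example.
    $rules = New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' `
        -DisplayName 'OpenSSH Server (sshd)' -Enabled True `
        -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
}

# 4. Confirm that something is listening on the default SSH port.
$listeners = Get-NetTCPConnection -LocalPort 22 -State Listen `
    -ErrorAction SilentlyContinue

# 5. Summarise the state so it can be reviewed or logged.
$svc = Get-Service -Name sshd
[pscustomobject]@{
    Capabilities  = (Get-WindowsCapability -Online |
                        Where-Object Name -like 'OpenSSH*' |
                        ForEach-Object { "$($_.Name)=$($_.State)" }) -join '; '
    ServiceStatus = $svc.Status
    StartType     = $svc.StartType
    FirewallRules = ($rules.Name) -join ', '
    ListeningOn   = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
}
```

An empty ListeningOn value means sshd is not bound to port 22 even though the service and firewall rule are in place.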

That's it. OpenSSH for Windows is now natively installed and configured for first use. For those with experience using SSH, connections are established the same way, by typing the following command format from the CLI or PowerShell:

ssh username@servername.domain

The first time a connection attempt is made to that server, the digital fingerprint mentioned before will display, and you will be prompted to authorize whether you wish to proceed connecting to the server by entering yes or no. Compare the fingerprint with the one reported by the server's administrator before accepting it, since that comparison is what rules out a rogue device. Entering yes will establish the initial connection and begin the authentication process. Here you will be prompted to enter the password for the username specified previously. The credentials will not be displayed and will be sent completely encrypted to the server device. Once authenticated, the CLI or PowerShell prompt should change to identify the username@servername of the server you are connected to, followed by a space, then the directory path you are currently working from remotely. From there, commands will carry out just as though you were sitting directly in front of the computer.