Link: Microsoft
Since early 2019, Windows 10 includes SSH applications.
To install OpenSSH, start Settings then go to Apps > Apps and Features > Manage Optional Features. Scan this list to see if OpenSSH client is already installed. If not, then at the top of the page select “Add a feature”, then:
- To install the OpenSSH client, locate “OpenSSH Client”, then click “Install”.
- To install the OpenSSH server, locate “OpenSSH Server”, then click “Install”.
%WINDIR%\System32\OpenSSH
C:\Windows\System32\OpenSSH
ssh.exe, which is the SSH client component that runs on the user's local system
ssh-keygen.exe generates, manages and converts authentication keys for SSH
ssh-agent.exe stores private keys used for public key authentication
ssh-add.exe adds private keys to the list allowed by the server
ssh-keyscan.exe aids in collecting the public SSH host keys from a number of hosts
sftp.exe is the service that provides the Secure File Transfer Protocol, and runs over SSH
scp.exe is a file copy utility that runs on SSH
sshd.exe is the SSH server component that must be running on the system being managed remotely
Managing Keys
- ssh-keygen for generating secure keys
- ssh-agent and ssh-add for securely storing private keys
- scp and sftp to securely copy public key files during initial use of a server
Enable SSH Agent
# In an Administrator PowerShell session
Get-Service -Name ssh-agent
Get-Service ssh-agent | Select StartType
Get-Service -Name ssh-agent | Set-Service -StartupType Manual
# Start the ssh-agent service to preserve the server keys
Start-Service ssh-agent
Get-Service ssh-agent
Generate SSH keys
# If invoked without any arguments, ssh-keygen will generate an RSA key. The default is 3072 bits.
# ssh-keygen will by default write keys in an OpenSSH-specific format.
ssh-keygen
# Generate an RSA key of 4096 bits.
ssh-keygen -b 4096
Add Private key to Agent
# Now load your key files into ssh-agent
ssh-add ~\.ssh\id_rsa
ssh-add C:\Users\USERNAME\.ssh\id_rsa
Deploy Public key to Server
For some reason, the Win 10 installations do not include ssh-copy-id! Therefore you need to manually copy and paste the contents of the .ssh/id_rsa.pub file into the ~/.ssh/authorized_keys file on the server.
# Use scp to copy the public key file generated previously to authorized_keys on your server.
# Note: this replaces any authorized_keys file that already exists on the server.
scp C:\Users\user1\.ssh\id_rsa.pub user1@Server_IP:/home/user1/.ssh/authorized_keys
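A closer stand-in for ssh-copy-id against a Linux server, as an added example that is not from the original page: it appends the key instead of overwriting authorized_keys, then checks that key login works. The function name Add-SshAuthorizedKey, its parameters and the user1@Server_IP target are assumptions.

```powershell
# Added example; Add-SshAuthorizedKey and its parameters are hypothetical names.
# Assumes a Linux server with a POSIX shell and password login still enabled.
function Add-SshAuthorizedKey {
    param(
        [Parameter(Mandatory)] [string] $Target,   # e.g. user1@Server_IP
        [string] $PublicKeyPath = "$env:USERPROFILE\.ssh\id_rsa.pub"
    )

    # Accept only a single-line OpenSSH public key, so a private key file
    # (id_rsa instead of id_rsa.pub) can never be sent by mistake.
    $key = (Get-Content -Path $PublicKeyPath -Raw).Trim()
    if ($key -notmatch '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$') {
        throw "$PublicKeyPath does not look like an OpenSSH public key"
    }

    # Remote side: umask 077 makes a newly created ~/.ssh mode 700 and a newly
    # created authorized_keys mode 600; tr drops any CR from Windows line
    # endings; >> appends, so keys already on the server are kept.
    $remote = "umask 077; mkdir -p ~/.ssh && tr -d '\r' >> ~/.ssh/authorized_keys"
    $key | ssh $Target $remote
    if ($LASTEXITCODE -ne 0) { throw "ssh exited with code $LASTEXITCODE" }

    # BatchMode=yes forbids password prompts, so exit code 0 here means the
    # key (from ssh-agent or the default identity file) was accepted.
    ssh -o BatchMode=yes -o PreferredAuthentications=publickey $Target true
    return ($LASTEXITCODE -eq 0)
}

# Usage: Add-SshAuthorizedKey -Target 'user1@Server_IP'
```

A return value of True confirms key-based login before password authentication is tightened on the server.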
Convert SSH key to SSH2 format for XShell
Public Key
# ssh-keygen -e reads an OpenSSH key file and converts it to SSH2 format.
# The default export format is "RFC4716".
# This option allows exporting OpenSSH keys for use by other programs.
# PUBLIC KEY
ssh-keygen -e -f id_rsa.pub > id_RFC4716.pub
# PRIVATE KEY - FAILS! This also generates a public key only.
ssh-keygen -e -f id_rsa > id_RFC4716
# ssh-keygen -i reads an SSH2 key and converts it into the OpenSSH format.
# The default import format is "RFC4716" (SSH2).
Private Key Conversions
It should be possible to import the ssh-keygen generated keys directly in Xshell etc.
Use PuTTYgen on Windows. Download it here
- Start PuTTYgen
- Conversions > Import key – Select the Private key File
- Conversions > Export
- Export OpenSSH key: key header -----BEGIN RSA PRIVATE KEY-----
- Export OpenSSH key (force new file format): key header -----BEGIN OPENSSH PRIVATE KEY-----
- Export SSH.com key: key header ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
- Save private key: key header PuTTY-User-Key-File-2: ssh-rsa
SSHd Configuration
Only needed if the Win10 system needs to be accessed from elsewhere over SSH (i.e. the Win 10 system is going to act as a server), which is not your typical use case. sshd.exe is the SSH server component that must be running on the system being managed remotely.
%programdata%\ssh\sshd_config