====== OpenSSH for Windows ======

===== Installation =====

==== Requirements ====

Make sure you use Windows Build 1809 or newer, you can check this by executing the following command via WIN + R
<code>
winver</code>

{{:windows:windows10:pasted:20220912-093519.png?600}}

If this is the case, choose one of the following installation methods.

==== Installation GUI ====

Go to Settings -> Apps -> Apps and features -> Optional features \\
or run the following command via WIN + R

<code>
ms-settings:appsfeatures
</code>

Click on "Add feature" and search for "openssh", then install "OpenSSH Server"

==== Installation PowerShell "Add" ====

Open PowerShell as Admin

<code>
# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# (Optional) Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
</code>

Source: [[https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell|docs.microsoft.com - Get started with OpenSSH for Windows (EN)]]

==== Installation PowerShell "dism" ====

Open PowerShell as Admin

<code>
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
</code>

==== Add to autostart ====

Open PowerShell as Admin

<code>
# Start the sshd service
Start-Service sshd

# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
</code>

==== Check installation ====

=== GUI ===

Go to Settings -> Apps -> Apps and features -> Optional features \\
or run the following command via WIN + R

<code>
ms-settings:appsfeatures
</code>

OpenSSH Server should be listed as "installed feature"

{{:windows:windows10:pasted:20220912-094803.png?500}}

=== PowerShell ===

Open PowerShell

<code>
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Server*'
</code>

{{:windows:windows10:pasted:20220912-095722.png}}

===== Configuration =====

==== Open port 22 on Windows Firewall ====

Usually the port will be opened when installing OpenSSH, to check if its opened and add if not, execute the following code via PowerShell (admin)

<code>
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
</code>

{{:windows:windows10:pasted:20220912-101355.png}}

Source: [[https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_install_firstuse - OpenSSH installieren (DE)]]

==== Allow/Deny users ====

FIXME
<code>
</code>

==== Add publickey to authorized_keys ====

FIXME
<code>
</code>

===== Troubleshooting =====

==== Username or Password wrong  ====

FIXME