Contents » Using WinSCP » Guides » Other »

Installing SFTP/SSH Server on Windows using OpenSSH

Recently, Microsoft has released an early version of OpenSSH for Windows. You can use the package to set up an SFTP/SSH server on Windows.

Installing SFTP/SSH Server

  • Download the latest OpenSSH for Windows binaries (package OpenSSH-Win64.zip or OpenSSH-Win32.zip)
  • Extract the package to C:\Program Files\OpenSSH
  • As the Administrator, install SSHD and ssh-agent services:
    powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
  • As the Administrator, generate server keys by running the following commands from the C:\Program Files\OpenSSH:
    .\ssh-keygen.exe -A
  • Open a port for the SSH server in Windows Firewall:
    • Either run the following PowerShell command (Windows 8 and 2012 or newer only), as the Administrator:
      New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
    • or go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and add a new rule for port 22.
    Advertisements:
  • Start the service and/or configure automatic start:
    • Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
    • If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
    • Start the SSHD service by clicking the Start the service.

These instructions are partially based on the official deployment instructions.

Setting up SSH public key authentication

Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with following differences:

  • Create the .ssh folder (for the authorized_keys file) in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • Grant the SSH server read permissions to the .ssh folder. As the Administrator, run:
    icacls C:\users\username\.ssh /grant "NT Service\sshd":R /T

Connecting to the server

Before the first connection, find out fingerprint of the server’s ED25519 key by running ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5 from the C:\Program Files\OpenSSH:

C:\Program Files\OpenSSH>ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5
256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519)

Start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On New site node, make sure the SFTP protocol is selected.
  • Enter your machine/server IP address (or a hostname) into the Host name box.
  • Enter your Windows account name to the User name box. It might have to be entered in the format user@domain, if running on a domain.
  • For a public key authentication:
  • For a password authentication:
    • Enter your Windows account password to the Password box.
    • If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
  • Save your site settings using the Save button.
  • Login using Login button.
  • Verify the host key by comparing fingerprint with the one collected before (see above).

If you cannot authenticate to the server, and you are using Windows 10 Developer mode, make sure that your OpenSSH server does not conflict with an internal SSH server used by the Developer mode. You may need to turn off the SSH Server Broker and SSH Server Proxy Windows services. Or run your OpenSSH server on a different port than 22.

Further reading

 
  guide_windows_openssh_server.txt · Last modified: by martin
 

Search Documentation

This page

Donate

About donations

$9   $19   $49   $99

About donations

Recommend

Associations

Site design by Black Gate