Install OpenSSH Server on Windows via Github Release

Exported on 19-Nov-2021 13:16:05

Using Attune to install and configure OpenSSH Server on Win10/Win11/Win2019

This blueprint is used to install and configure OpenSSH Server on Win10/Win2019. OpenSSH is a connectivity tool for remote login that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.

OpenSSH is the de facto standard tool used by administrators of Linux and other non-Windows systems for cross-platform management of remote systems. It was added to Windows in autumn 2018 and is included in Windows 10 and Windows Server 2019.

This blueprint installs OpenSSH the way third-party software is installed, rather than as the component that has been added to Windows through the Add-WindowsCapability approach (which needs a workaround to run over WinRM; see the companion blueprint for details). The release archive used here is nevertheless published by the official team (it is called a test release).

Tested on Windows 10/11/2019

Pre-Blueprint Attune setup
  1. On the Inputs tab, create a Windows node for the Target you wish to install WSL.
  2. On the Inputs tab, create a Windows credential to connect to the Target you wish to install WSL.

Parameters

Name | Type | Script Reference | Default Value | Comment
OpenSSH Archive Download Filename | Text | opensshArchiveDownloadFilename | OpenSSH-Win64.zip | The name of the archive when downloaded to $env:TMP.
OpenSSH Archive Download URL | Text | opensshArchiveDownloadUrl | https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip | The release archive download link.
Windows Node | Windows Server | windowsNode | |
Windows User | Windows OS Credential | windowsUser | |

1 - Download OpenSSH release archive

Download the release archive to $env:TMP folder.

This step has the following parameters

Name | Script Reference | Default Value
OpenSSH Archive Download URL | {opensshArchiveDownloadUrl} | https://github.com/PowerShell/Win32-OpenSSH/releases/download/V8.6.0.0p1-Beta/OpenSSH-Win64.zip
OpenSSH Archive Download Filename | {opensshArchiveDownloadFilename} | OpenSSH-Win64.zip
The connection details have changed from the last step.

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Download the OpenSSH release archive from the Microsoft PowerShell GitHub repo
$Destination = ($env:TMP + "\{opensshArchiveDownloadFilename}")
# Quote the URL so it is always passed as a single string argument
Invoke-RestMethod -Uri "{opensshArchiveDownloadUrl}" -OutFile $Destination
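
Step 1 downloads a test-release binary that later runs as a Windows service, so it is worth checking the archive before step 2 unpacks it into $env:ProgramFiles. The following is an added example, not part of the exported blueprint: it compares the file's SHA-256 against a pinned value and confirms every zip entry sits under the "OpenSSH-Win64" folder that step 3 expects. $ExpectedSha256 is a placeholder to be replaced with a hash recorded out of band, and the function names are hypothetical.

```powershell
# Added example (not part of the blueprint): integrity gate between steps 1 and 2.
Add-Type -AssemblyName System.IO.Compression.FileSystem

$ArchivePath    = Join-Path $env:TMP "{opensshArchiveDownloadFilename}"
# Placeholder: pin the SHA-256 you recorded for this release out of band.
$ExpectedSha256 = "<EXPECTED-SHA256-HEX>"
# Top-level folder the blueprint expects inside the zip (step 3 renames it).
$ExpectedRoot   = "OpenSSH-Win64/"

function Test-ArchiveHash {
    param([string]$Path, [string]$Expected)
    if ($Expected -notmatch '^[0-9A-Fa-f]{64}$') {
        throw "Expected hash must be 64 hex characters; replace the placeholder."
    }
    # String -eq is case-insensitive, so hex case does not matter.
    return (Get-FileHash -Path $Path -Algorithm SHA256).Hash -eq $Expected
}

function Get-UnexpectedEntry {
    param([string]$Path, [string]$Root)
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        foreach ($entry in $zip.Entries) {
            $name = $entry.FullName -replace '\\', '/'
            # Flag anything outside the expected folder or containing a ".." segment.
            if (-not $name.StartsWith($Root) -or ($name -split '/') -contains '..') {
                $name
            }
        }
    } finally {
        $zip.Dispose()
    }
}

if (-not (Test-ArchiveHash -Path $ArchivePath -Expected $ExpectedSha256)) {
    Remove-Item -Path $ArchivePath -Force
    throw "SHA-256 mismatch for $ArchivePath; archive deleted, do not continue."
}
$bad = @(Get-UnexpectedEntry -Path $ArchivePath -Root $ExpectedRoot)
if ($bad.Count -gt 0) {
    throw "Archive contains unexpected entries: $($bad -join ', ')"
}
Write-Output "Archive hash and layout verified."
```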

2 - Unzip OpenSSH release archive

Unzip to $env:ProgramFiles folder.

This step has the following parameters

Name | Script Reference | Default Value
OpenSSH Archive Download Filename | {opensshArchiveDownloadFilename} | OpenSSH-Win64.zip

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Unzip the file from the downloaded repo to Program Files dir
$ArchivePath = ($env:TMP + "\{opensshArchiveDownloadFilename}")
Expand-Archive -Path $ArchivePath -DestinationPath ($env:ProgramFiles)

3 - Rename OpenSSH folder name

When unzipped, the archive's folder name has a "-Win64" suffix. Remove the suffix to comply with the installation doc.

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
Rename-Item ($env:ProgramFiles + "\OpenSSH-Win64") ($env:ProgramFiles + "\OpenSSH")

4 - Run OpenSSH install script

Run the OpenSSH install script as required by the installation doc.

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Install OpenSSH
. ($env:ProgramFiles + "\OpenSSH\install-sshd.ps1")

5 - Remove OpenSSH release archive

Remove the OpenSSH release archive to free disk space.

This step has the following parameters

Name | Script Reference | Default Value
OpenSSH Archive Download Filename | {opensshArchiveDownloadFilename} | OpenSSH-Win64.zip

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Remove the downloaded OpenSSH archive
$ArchivePath = ($env:TMP + "\{opensshArchiveDownloadFilename}")
Remove-Item -Path $ArchivePath -Force

6 - Set OpenSSH service to automatic startup

Configure the OpenSSH service to start automatically when Windows boots.

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Make the service start automatically when Windows boots
Set-Service -Name sshd -StartupType Automatic

7 - Start OpenSSH service

Issue a manual startup command, to make sure the service is running.

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Start the sshd service
Start-Service sshd

8 - Open SSH port in Windows Firewall

Configure Windows Firewall to allow SSH clients to connect on port 22 (the default SSH port).

Login as user on node

  1. Connect via RDP
    mstsc /admin /v:Windows Node
  2. Login as user {Windows User}
  3. Then open a command prompt
This is a PowerShell script; make sure you run it with powershell.exe. Click the Start menu, enter "powershell" in the search bar, then select the PowerShell program.
# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
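
The rule created in step 8 sets no -Profile or -RemoteAddress, so it applies to every network profile and any source address. The following read-only audit is an added example, not part of the exported blueprint: it reports what steps 4 to 8 left on the node (service state and binary path, signature status of sshd.exe, listening addresses, firewall scope, and non-admin write access to the install folder). The function name Get-SshdAudit and the trusted-principal pattern are assumptions.

```powershell
# Added example (not part of the blueprint): read-only audit after step 8.
$InstallDir = Join-Path $env:ProgramFiles "OpenSSH"
$RuleName   = "OpenSSH-Server-In-TCP"

function Get-SshdAudit {
    # Service: state, start mode and the exact binary path it runs.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='sshd'"
    # Signature on the service binary; status and signer are reported as found.
    $sig = Get-AuthenticodeSignature -FilePath (Join-Path $InstallDir "sshd.exe")
    # Listener: which local addresses accept connections on port 22.
    $listen = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
    # Firewall: profile and remote-address scope of the inbound rule.
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    $addr = if ($rule) { $rule | Get-NetFirewallAddressFilter }
    # ACL: allow-entries granting write access to anyone outside this assumed list.
    $trusted = 'SYSTEM|Administrators|TrustedInstaller|CREATOR OWNER'
    $writable = (Get-Acl -Path $InstallDir).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        "$($_.FileSystemRights)" -match 'Write|Modify|FullControl' -and
        "$($_.IdentityReference)" -notmatch $trusted
    }
    [pscustomobject]@{
        ServiceState   = $svc.State
        StartMode      = $svc.StartMode
        ServicePath    = $svc.PathName
        SignatureState = $sig.Status
        Signer         = $sig.SignerCertificate.Subject
        ListenAddress  = @($listen.LocalAddress) -join ', '
        RuleEnabled    = $rule.Enabled
        RuleProfile    = $rule.Profile
        RemoteAddress  = @($addr.RemoteAddress) -join ', '
        WritableBy     = @($writable.IdentityReference) -join ', '
    }
}

$audit = Get-SshdAudit
$audit | Format-List
if ($audit.RemoteAddress -eq 'Any') {
    Write-Warning "Rule '$RuleName' allows SSH from any address; narrow it with Set-NetFirewallRule -RemoteAddress if only a management subnet needs access."
}
if ($audit.WritableBy) {
    Write-Warning "Non-admin principals can write to ${InstallDir}: $($audit.WritableBy)"
}
```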