Exported on 19-Nov-2021 13:16:05
Parameters
1 - Download OpenSSH release archive
Download the release archive to the $env:TMP folder.
Login as user {Windows User} on node {Windows Node}
# Download the OpenSSH release archive from the Microsoft PowerShell GitHub repo
$Destination = ($env:TMP + "\{opensshArchiveDownloadFilename}")
Invoke-RestMethod -Uri "{opensshArchiveDownloadUrl}" -OutFile $Destination
2 - Unzip OpenSSH release archive
Unzip to the $env:ProgramFiles folder.
Login as user {Windows User} on node {Windows Node}
# Unzip the downloaded archive to the Program Files directory
$ArchivePath = ($env:TMP + "\{opensshArchiveDownloadFilename}")
Expand-Archive -Path $ArchivePath -DestinationPath ($env:ProgramFiles)
3 - Rename OpenSSH folder name
When unzipped, the archive produces a folder whose name has a "-Win64" suffix. Remove the suffix to comply with the installation doc.
Login as user {Windows User} on node {Windows Node}
Rename-Item ($env:ProgramFiles + "\OpenSSH-Win64") ($env:ProgramFiles + "\OpenSSH")
4 - Run OpenSSH install script
Run the OpenSSH install script as required by the installation doc.
Login as user {Windows User} on node {Windows Node}
# Install OpenSSH
. ($env:ProgramFiles + "\OpenSSH\install-sshd.ps1")
5 - Remove OpenSSH release archive
Remove the OpenSSH release archive to free disk space.
Login as user {Windows User} on node {Windows Node}
# Remove the downloaded OpenSSH archive
$ArchivePath = ($env:TMP + "\{opensshArchiveDownloadFilename}")
Remove-Item -Path $ArchivePath -Force
6 - Set OpenSSH service to automatic startup
Configure the OpenSSH service to start automatically when Windows boots.
Login as user {Windows User} on node {Windows Node}
# Make the service start automatically when Windows boots
Set-Service -Name sshd -StartupType Automatic
7 - Start OpenSSH service
Issue a manual startup command, to make sure the service is running.
Login as user {Windows User} on node {Windows Node}
# Start the sshd service
Start-Service sshd
8 - Open SSH port in Windows Firewall
Configure Windows Firewall to allow SSH clients to connect on port 22 (the default SSH port).
Login as user {Windows User} on node {Windows Node}
# Confirm the firewall rule is configured. It should be created automatically by setup.
# Run the following to verify, and create the rule if it is missing.
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
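Steps 1, 2 and 4 download an archive and run its install script without checking what was downloaded. The following is an added example, not part of the exported blueprint, showing how the unzip in step 2 could be gated on a SHA-256 match. The function name Expand-VerifiedArchive and the pinned hash are hypothetical; the demo runs on a constructed zip, and in the blueprint the expected value would be a hash you recorded from a copy of the release you have vetted.

```powershell
# Added example: refuse to unpack an archive whose SHA-256 does not match a pinned value.
# Expand-VerifiedArchive is a hypothetical helper, not part of OpenSSH or Attune.
function Expand-VerifiedArchive {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        [Parameter(Mandatory)] [string] $DestinationPath
    )
    $ErrorActionPreference = 'Stop'
    # Reject a malformed pin early so an empty or truncated parameter cannot pass as a match.
    if ($ExpectedSha256 -notmatch '^[0-9A-Fa-f]{64}$') {
        throw "ExpectedSha256 must be 64 hex characters."
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {           # string -ne is case-insensitive
        Remove-Item -LiteralPath $Path -Force    # do not leave the file for a later step
        throw "SHA-256 mismatch for ${Path}: expected $ExpectedSha256, got $actual"
    }
    Expand-Archive -LiteralPath $Path -DestinationPath $DestinationPath
    return $actual
}

# --- Constructed demo (sample files, not the OpenSSH release) ---
$work = Join-Path $env:TMP ("verify-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $work | Out-Null
Set-Content -Path (Join-Path $work 'payload.txt') -Value 'constructed sample'
$zip = Join-Path $work 'sample.zip'
Compress-Archive -Path (Join-Path $work 'payload.txt') -DestinationPath $zip
# Stand-in for the pinned hash; here it is simply computed from the constructed zip.
$pinned = (Get-FileHash -LiteralPath $zip -Algorithm SHA256).Hash

# Unmodified archive: hash matches, contents are extracted.
Expand-VerifiedArchive -Path $zip -ExpectedSha256 $pinned -DestinationPath (Join-Path $work 'ok') | Out-Null
Write-Output "match: extracted"

# Modified archive: hash differs, the file is deleted and nothing is extracted.
Add-Content -LiteralPath $zip -Value 'tampered'
try {
    Expand-VerifiedArchive -Path $zip -ExpectedSha256 $pinned -DestinationPath (Join-Path $work 'bad')
} catch {
    Write-Output "mismatch: $($_.Exception.Message)"
}
Remove-Item -LiteralPath $work -Recurse -Force
```

In the blueprint, the call would take the place of the Expand-Archive line in step 2, with -Path set to the same $ArchivePath and -DestinationPath set to $env:ProgramFiles.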
Using Attune to install and configure OpenSSH Server on Win10/Win11/Win2019
This blueprint is used to install and configure OpenSSH Server on Win10/Win2019. OpenSSH is a connectivity tool for remote login that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.
OpenSSH is the de facto standard tool used by administrators of Linux and other non-Windows systems for cross-platform management of remote systems. It has been added to Windows (as of autumn 2018), and is included in Windows 10 and Windows Server 2019.
From the perspective of "It has been added to Windows", this blueprint uses an installation process more like that of third-party software, compared to the Add-WindowsCapability approach (which needs a workaround to run in WinRM; see the other companion blueprint for details). However, the release used here is also made public by the official team (it is called a test release).
Tested on Windows 10/11/2019
Pre-Blueprint Attune setup