Windows 10 is becoming a useful Unix/Linux sysadmin platform. First, it has incorporated Windows Subsystem for Linux in the Windows 10 Fall Creators Update. Now, in the Windows 10 April 2018 Update, Microsoft has finally brought a native Secure Shell (SSH) to Windows.
It’s taken a long time. Microsoft started work on porting OpenSSH to PowerShell in 2015 because of user demand.
Finally, though, you’ll no longer need third-party SSH clients such as Putty when you connect to a system running a SSH server. OpenSSH is a collection of client/server utilities. It enables developers and administrators to use secure remote login, remote file transfer, and public/private key pair management with any system with an OpenSSH server.
OpenSSH is commonly used with BSD, Linux, macOS, and Unix servers, but it can be used with any platform, including Windows 10, with a SSH server. This particular popular SSH client/server implementation is part of the OpenBSD project.
For full instructions on how to use this command-line interface program, check out the OpenSSH manual page. The most common way to use it is to connect to a remote server. If you’re using passwords, this is done with the following command:
If it’s your first connection to a particular SSH server, it will display the host key fingerprint and ask you to confirm that you want to connect. If you answer yes, the host key will be saved in the %UserProfile%.sshknown_hosts hidden file, and when next you connect to it, you won’t be asked again.
Next, you must enter the remote server’s user account password. Once that’s done, you’re logged into the remote server, and you can program on it or run system administration tools.
Once you’re done type “exit”. You’ll then get the following message: “Connection to [server] closed.” And you’re back to your local command prompt.
It’s safer, however, to use key-based authentication. For that, you must first generate client public/private key pairs. From PowerShell or cmd, you do this by using ssh-keygen to generate the key files. This is done with the following commands:
With my system, the output looks like:
Generating public/private ed25519 key pair.Enter file in which to save the key (C:Userssjvn.sshid_ed25519):
ED25519 is the public-key signature system currently used by OpenSSH to secure connections. You’ll then be prompted to use a passphrase to encrypt your private key files. The resulting files ending with a .pub are your public keys, while the others are your private keys.
Next, you must move your public key (~.sshid_ed25519.pub) into a text file called authorized_keys in the directory ~.ssh on the remote server.
Private keys are like your passwords. They must be protected. On Windows, you should shield your private keys by using the ssh-agent service, as the Administrator, and use ssh-add to store your private key. Then, whenever you need it for authentication, ssh-agent will automatically retrieve it and pass it to OpenSSH.
Once set up, you’ll be able to securely login into remote servers and transfer files to them. You’re now ready to work on remote Unix/Linux systems. Enjoy.
- Microsoft adds OpenSSH support to PowerShell
- Harnessing the power of SSH
- Microsoft becomes OpenBSD’s first gold contributor