Set up SSH Server on Windows - Remote Shell + Key-Based Auth


Published: Jun 4, 2023
Last Edit: Nov 13, 2024
Windows SSH Remote Access
Why?

There are many reasons to connect to your PC over SSH.

It's essentially a remote PowerShell or Command Prompt window that lets you run commands as if you were sitting in front of the computer, and it uses far less bandwidth than screen-sharing tools like AnyDesk or TeamViewer.

Install SSH server

Hit Start and open Settings, then head to Apps, followed by Optional features.

We need to install the OpenSSH Server here.

Search for SSH to see whether OpenSSH Server is already installed. The OpenSSH Client is a different component and not what we need on the server (you will want it on the machine you connect from, though).

If you don't see it, click Add an optional feature and search for OpenSSH Server.

Tick it, choose Next and wait for it to install.

Alternative SSH Server install

If the above doesn't work for some reason, there is an alternative method.

Download the latest OpenSSH Win64 MSI installer from the GitHub page (the PowerShell/Win32-OpenSSH releases), here, and install it as normal.

Note that the MSI puts sshd.exe under C:\Program Files\OpenSSH rather than C:\Windows\System32\OpenSSH, which matters when you add the firewall rule later.

Check SSH Server is installed.

The simplest way to do this is to press Start+R, type services.msc into the Run box, and hit OK.

In here, we're looking for OpenSSH SSH Server. Double-click it and set the Startup type to Automatic so that it starts whenever your PC boots. The General tab also shows the path to sshd.exe, which you'll need for the firewall rule.

On the Log On tab, leave the account as Local System. sshd needs those privileges to create logon sessions for the users who connect, and changing the account here generally breaks authentication. If you want to limit who can log in, do it in sshd_config (for example with AllowUsers) rather than here.

On the Recovery tab, set all three failure actions (first, second and subsequent failures) to Restart the Service, so that if sshd crashes while you're far from the computer it comes back on its own.
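The same install and service setup, done from an elevated PowerShell instead of the Settings app and services.msc. This is an added example and not part of the original article; it assumes the service is named sshd (the default) and uses the sc.exe failure syntax for the Recovery tab, which has no PowerShell cmdlet equivalent.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell on the server.
$ErrorActionPreference = 'Stop'

# Install the OpenSSH Server capability if it is missing. OpenSSH.Client.* is not the one we need.
$cap = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
if (-not $cap) { throw 'OpenSSH.Server capability not available on this build; use the MSI installer instead' }
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# Startup type = Automatic, then start it (same as the services.msc steps above).
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# Recovery tab: restart the service 60 s after the 1st, 2nd and subsequent failures, and
# reset the failure counter after a day. sc.exe needs the space after each "=".
sc.exe failure sshd reset= 86400 actions= restart/60000/restart/60000/restart/60000

# Confirm the service is running and actually listening on port 22.
Get-Service -Name sshd
$listener = Get-NetTCPConnection -LocalPort 22 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    'sshd is listening on port 22'
} else {
    throw 'Nothing is listening on port 22; check Get-Service sshd and the OpenSSH/Operational event log'
}
```

If the last check fails, the OpenSSH Operational log (Event Viewer, Applications and Services Logs > OpenSSH) usually says why sshd refused to start, most often a host key or config permission problem.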

Allow firewall access

Assuming you're not using a third-party firewall, we can add an inbound rule to Windows Defender Firewall so that the server can be reached from other machines. Run one of the following in an elevated PowerShell:

# Optional-feature install: sshd.exe lives under System32
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Windows\System32\OpenSSH\sshd.exe"

# MSI install from GitHub: sshd.exe lives under Program Files
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -Program "C:\Program Files\OpenSSH\sshd.exe"

If you ever wish to remove this firewall rule, run: Remove-NetFirewallRule -DisplayName "OpenSSH SSH Server"

Make sure to run only ONE of the above commands, the one with the correct path. Both use the rule name sshd, so the second one errors out anyway. You can double-check the path on the General tab of the service in services.msc (Path to executable).

This rule allows inbound TCP connections to port 22, where the SSH server listens, but only for the sshd.exe at that path. As written it applies to every network profile, so it also opens the port while you're on public Wi-Fi, which is one reason to move to key-based authentication later in this guide.
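Rather than guessing which of the two paths applies, the rule can be built from the path the sshd service actually runs. The following is an added example, not from the original article; restricting the rule to the local subnet and the Private/Domain profiles is my choice, not the article's, and you'd drop -RemoteAddress if you later port-forward from your router (the forwarded traffic arrives from outside the subnet).

```powershell
# Added example (not from the original article). Run in an elevated PowerShell on the server.
$ErrorActionPreference = 'Stop'

# Resolve sshd.exe from the service definition (quotes are stripped if the path has them).
$sshdPath = ((Get-CimInstance Win32_Service -Filter "Name='sshd'").PathName).Trim('"')
if (-not (Test-Path -Path $sshdPath)) { throw "sshd.exe not found at '$sshdPath'" }

# Replace any earlier rule of the same name so re-running this is safe.
if (Get-NetFirewallRule -Name sshd -ErrorAction SilentlyContinue) {
    Remove-NetFirewallRule -Name sshd
}

# Same rule as the article, but scoped: only the binary at $sshdPath, only from the local
# subnet, and not on the Public profile (open Wi-Fi). Adjust if you port-forward from outside.
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH SSH Server' -Enabled True `
    -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 `
    -Program $sshdPath -RemoteAddress LocalSubnet -Profile Private,Domain | Out-Null

# Verify what was created: program path and address scope.
Get-NetFirewallRule -Name sshd | Get-NetFirewallApplicationFilter | Select-Object Program
Get-NetFirewallRule -Name sshd | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
```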

Get your IP

The simplest way to see if it works is to connect from another device, or from something like WSL running a different operating system on the same machine.

The first thing you need is the server's local IP address. Open a Command Prompt and type ipconfig.

Find the adapter you're connected to the network with and look for its IPv4 address. This is what you'll enter when connecting to your SSH server.

You can quickly check that you have the right one by running ping followed by that address from the other computer (or WSL), to see whether the machine is reachable. Bear in mind that ping can be blocked by the firewall while SSH still works, so a failed ping isn't conclusive.

Such as ping 192.168.1.10.

Connect to your SSH server

All we need to do is type ssh username@ip and hit Enter. If you don't know your account name, open a Command Prompt on the server and type whoami; it prints COMPUTER\username, and the part after the backslash is what you need. (echo %USERPROFILE% only shows your profile folder, which doesn't always match the account name, for example with Microsoft accounts.)

For example, ssh username@192.168.1.10, using the address from the ping test above.

The first time you connect, ssh prints the server's host key fingerprint and asks whether to trust it. Confirm it against the fingerprint printed on the server itself (see the example below) before answering yes; that is what protects you from connecting to an impostor later. You'll then be asked for your Windows password; enter it and you should be connected to your SSH server.
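Two helpers for the steps above, one run on the server and one on the client. This is an added example, not part of the original article; 192.168.1.10 and tcno are the example address and user name used elsewhere on this page, and the host key path is the Windows OpenSSH default.

```powershell
# Added example (not from the original article). Run Show-SshServerIdentity on the SERVER and
# Connect-SshWithChecks on the CLIENT.

function Show-SshServerIdentity {
    # Addresses a client could connect to (loopback and 169.254.x.x APIPA addresses skipped).
    Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -notlike '127.*' -and $_.IPAddress -notlike '169.254.*' } |
        Select-Object InterfaceAlias, IPAddress | Format-Table -AutoSize

    # Login name for ssh <user>@<ip>. %USERPROFILE% is only the profile folder and can differ
    # from the account name (Microsoft accounts, renamed users); whoami prints COMPUTER\user.
    'Login as: ' + (whoami)

    # Host key fingerprint. ssh shows the same SHA256 value at the first-connection prompt;
    # answer "yes" only if it matches what is printed here.
    ssh-keygen -lf "$env:ProgramData\ssh\ssh_host_ed25519_key.pub"
}

function Connect-SshWithChecks {
    param([string]$Server = '192.168.1.10', [string]$User = 'tcno')

    # Probe the TCP port instead of ping: ICMP is often blocked while SSH works, and a
    # refused or timed-out port 22 points at the service or the firewall rule, not the network.
    $probe = Test-NetConnection -ComputerName $Server -Port 22 -WarningAction SilentlyContinue
    if (-not $probe.TcpTestSucceeded) {
        throw "Nothing is listening on ${Server}:22; check the sshd service and the firewall rule"
    }

    # -v prints which authentication methods were offered and tried if the login fails,
    # which is the first thing to look at once password authentication is turned off.
    ssh -v "$User@$Server"
}
```

Run Show-SshServerIdentity once on the server and keep the fingerprint it prints; then, on the client, Connect-SshWithChecks -Server 192.168.1.10 -User tcno and compare the fingerprint in the prompt before typing yes.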

Access from outside your local network

In order to access it from outside your local network, you'll need to forward port 22 on your router (or on each router between the Internet and your PC) so that connections to your external IP address are redirected to the internal IP address of your computer. Feel free to use a different external port to avoid conflicts on your network: either change Port 22 in sshd_config on Windows (and update the firewall rule to match), or forward another external port to 22 internally on the router. Be aware that anything listening on a forwarded port gets a constant stream of automated login attempts, and a non-standard port only reduces the noise; it is not a substitute for the key-based authentication and the PasswordAuthentication no setting described below. Do those first, then forward the port.

Security

The best way to add security is key-based authentication. Instead of a password you remember, a key pair is used: a very long, random secret that the SSH client presents automatically, so there is nothing to guess and nothing to type (apart from the passphrase that protects the key file, if you set one).

The Microsoft OpenSSH Key Management article is the source for the commands below.

The public key is stored on your server; the private key stays on the client and is what proves your identity when you connect. Never copy the private key to the server.

Create a key pair

On the computer you’d like to connect to your server with you’ll be typing in the following commands:

ssh-keygen -t ed25519

You can accept the default file name (%USERPROFILE%\.ssh\id_ed25519) or enter your own, then follow the prompts. Set a passphrase you'll remember: it encrypts the private key file, so a copied file is useless without it.

Install the private key

At this point you can load the private key into the Windows ssh-agent, which lets you connect without pointing ssh at the key file each time. If you'd like to use this private key on a different computer as well, copy the file somewhere safe before running these commands. You can always generate more key pairs; you don't need to stick with just one.

I'd recommend running these commands, as it makes connecting easier: once the key is in the agent, ssh finds it on its own.

Keep in mind this needs to be run in an elevated PowerShell.

Powershell
# By default the ssh-agent service is disabled. Configure it to start automatically.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Start the service
Start-Service ssh-agent

# This should return a status of Running
Get-Service ssh-agent

# Now load your key files into ssh-agent
ssh-add $env:USERPROFILE\.ssh\id_ed25519

Install the public key on your server

Now to actually install the public key on your server so you can connect with it, run the following commands on the client. Just make sure to change username@domain to your server's username, followed by your server's IP address.

Powershell
# Get the public key file generated previously on your client
$authorizedKey = Get-Content -Path $env:USERPROFILE\.ssh\id_ed25519.pub

# Build the PowerShell that will run on the SERVER and append the key to that account's
# authorized_keys file. The backticks stop $env:USERPROFILE being expanded here on the client,
# so the path resolves to the server user's profile, not to yours.
# If the server account is an administrator, the default Windows sshd_config reads keys from
# C:\ProgramData\ssh\administrators_authorized_keys instead of this per-user file.
$remotePowershell = "powershell New-Item -Force -ItemType Directory -Path `$env:USERPROFILE\.ssh; Add-Content -Force -Path `$env:USERPROFILE\.ssh\authorized_keys -Value '$authorizedKey'"

# Connect to your server and run the PowerShell using the $remotePowershell variable
ssh username@domain $remotePowershell

If you’re doing this on the server computer, you can run: username@localhost instead.

Which file the server actually reads depends on the account. For a standard user, the key now sits in %USERPROFILE%\.ssh\authorized_keys on the server and is ready for connection. If the account is a member of Administrators (most home accounts are), the default Windows sshd_config contains a "Match Group administrators" block that reads keys from C:\ProgramData\ssh\administrators_authorized_keys instead, and the per-user file is ignored. Either add the key to that file (sshd refuses to use it unless only Administrators and SYSTEM have access to it), or comment out those two Match lines in sshd_config so the per-user file is used for administrators too.
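A version of the key-copy step that handles the administrator case, as an added example that is not part of the original article or of Microsoft's key-management page. It runs on the client, ships the server-side script base64-encoded (so no quoting or variable expansion happens on the client), and on the server picks administrators_authorized_keys or the per-user authorized_keys based on group membership, avoids duplicate entries, and fixes the ACL that sshd requires. The key path and username@domain are the same assumptions as in the article's commands.

```powershell
# Added example (not from the original article). Run on the CLIENT in PowerShell.
param(
    [string]$Target        = 'username@domain',                       # your server's user@ip
    [string]$PublicKeyPath = "$env:USERPROFILE\.ssh\id_ed25519.pub"  # key made by ssh-keygen
)
$ErrorActionPreference = 'Stop'

$pubKey = (Get-Content -Path $PublicKeyPath -Raw).Trim()
# Sanity checks: it must look like a public key, and it is embedded in single quotes below.
if ($pubKey -notmatch '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-\S+) \S+') { throw "Not a public key: $PublicKeyPath" }
if ($pubKey.Contains("'")) { throw 'Key comment contains a single quote; edit the .pub file first' }

# Script that runs ON THE SERVER. The single-quoted here-string keeps it literal on the client.
$template = @'
$ErrorActionPreference = 'Stop'
$key = '__KEY__'
# S-1-5-32-544 is the local Administrators group. The default Windows sshd_config has
# "Match Group administrators" pointing at administrators_authorized_keys for its members.
$isAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544')
if ($isAdmin) {
    $file = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
} else {
    $dir = Join-Path $env:USERPROFILE '.ssh'
    New-Item -Force -ItemType Directory -Path $dir | Out-Null
    $file = Join-Path $dir 'authorized_keys'
}
$existing = if (Test-Path $file) { Get-Content $file } else { @() }
if ($existing -contains $key) {
    "already present: $file"
} else {
    Add-Content -Path $file -Value $key
    "added to: $file"
}
if ($isAdmin) {
    # sshd ignores administrators_authorized_keys unless only Administrators and SYSTEM can touch it.
    icacls.exe $file /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
}
'@
$remoteScript = $template.Replace('__KEY__', $pubKey)

# -EncodedCommand takes base64 of the UTF-16LE script; nothing in it is special to cmd.exe.
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($remoteScript))
ssh $Target "powershell -NoProfile -EncodedCommand $encoded"
```

The server prints which file the key went into, so you can see straight away whether the administrators file or the per-user file was used. Because the ACL fix is applied every time, re-running the script after a Windows update that reset permissions is harmless.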

Connect using key pair

If you're using something like Visual Studio Code and its Remote - SSH extension, you can add the following to your SSH config file in order to connect to your new server. The same entry also lets you type ssh Self on the command line instead of the full user@host.

The SSH config file is located at %USERPROFILE%\.ssh\config (create it if it doesn't exist; it has no extension).

Host Self
    HostName localhost
    Port 22
    User tcno
    IdentityFile C:\Users\Techn\.ssh\id_ed25519

Now you should be able to connect to your server using RemoteSSH in VSCode, for example.

Disable password authentication

Before doing this, make sure a key-based login already works from another window; once password authentication is off, a missing or rejected key means you're locked out until you sit down at the machine.

On your server: press Start+R, type %ProgramData%\ssh, and hit Enter. This folder holds the server configuration (the %USERPROFILE%\.ssh\config file is the client's configuration and is not what we're editing here).

Open sshd_config with a text editor like Notepad (it will need to run as Administrator).

Lines that start with a hash (#) show the default value; remove the hash to uncomment a line and make it active. For example, you can uncomment Port 22 and change it to whatever you'd like, and after a restart the SSH server will listen on that port instead. Remember to update the firewall rule's -LocalPort to match, or nothing will get through.

Under # Authentication: I like to uncomment and set the following: MaxAuthTries 6.

Further down, set PasswordAuthentication no instead of #PasswordAuthentication yes, and make sure PubkeyAuthentication yes is not commented out. Note that the "Match Group administrators" block at the end of the file only applies to the lines after it, so any setting you add yourself belongs above it.

Restart SSH server

To restart the SSH server once again, open services.msc. Then locate the open SSH server, right-click, and choose restart.
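The edit-and-restart steps above, done as a script that validates the new configuration before it goes live. This is an added example, not from the original article; it assumes the default Windows sshd_config location and uses the MaxAuthTries 6 value the article recommends.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell ON THE SERVER,
# after confirming that a key-based login already works.
$configPath = Join-Path $env:ProgramData 'ssh\sshd_config'

# Directives to enforce; MaxAuthTries 6 is the value used in this article.
$wanted = [ordered]@{
    'PubkeyAuthentication'   = 'yes'
    'PasswordAuthentication' = 'no'
    'MaxAuthTries'           = '6'
}

function Set-SshdOption {
    # Returns $Lines with "$Name $Value" set exactly once in the global section of the file.
    # A commented "#Name ..." or an existing "Name ..." line is replaced in place; if there is
    # none, the directive is inserted BEFORE the first Match line, because everything after a
    # "Match" applies only to that block (the Windows default ends with Match Group administrators).
    param([string[]]$Lines, [string]$Name, [string]$Value)
    $pattern = '^\s*#?\s*' + [regex]::Escape($Name) + '\s+\S'
    $out = New-Object System.Collections.Generic.List[string]
    $done = $false
    foreach ($line in $Lines) {
        if (-not $done -and $line -match '^\s*Match\b') {
            $out.Add("$Name $Value")
            $done = $true
        }
        if (-not $done -and $line -match $pattern) {
            $out.Add("$Name $Value")
            $done = $true
        } else {
            $out.Add($line)
        }
    }
    if (-not $done) { $out.Add("$Name $Value") }
    return $out.ToArray()
}

# Keep a copy to roll back to, then rewrite the directives in memory.
Copy-Item -Path $configPath -Destination "$configPath.bak" -Force -ErrorAction Stop
$lines = Get-Content -Path $configPath -ErrorAction Stop
foreach ($name in $wanted.Keys) {
    $lines = Set-SshdOption -Lines $lines -Name $name -Value $wanted[$name]
}

# Let the sshd binary the service really runs check the candidate file before it goes live,
# so a typo cannot leave you locked out after the restart.
$candidate = "$configPath.new"
Set-Content -Path $candidate -Value $lines -Encoding ascii -ErrorAction Stop
$sshd = ((Get-CimInstance Win32_Service -Filter "Name='sshd'").PathName).Trim('"')
& $sshd -t -f $candidate
if ($LASTEXITCODE -ne 0) {
    Remove-Item -Path $candidate
    throw 'sshd -t rejected the new config; the live sshd_config was not changed'
}
Remove-Item -Path $candidate

# Write over the live file (keeps its ACL) and restart, which is what the services.msc step does.
Set-Content -Path $configPath -Value $lines -Encoding ascii -ErrorAction Stop
Restart-Service -Name sshd -ErrorAction Stop
Get-Service -Name sshd
```

If the restart locks you out anyway, copy sshd_config.bak back over sshd_config at the console and restart the service again. sshd -t is also the quickest way to find the offending line after a hand edit in Notepad.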

TroubleChute © Wesley Pyburn (TroubleChute)