Install OpenSSH


Buried in the list of optional features that can be installed in Windows 10 are the beta versions of an OpenSSH Client and an OpenSSH Server. The client allows you to connect to remote SSH servers directly from the Windows command line, and the server allows remote users to connect to Windows 10 and receive a command prompt over SSH.

  1. Choose an SSH server; this allows you to remotely manage your machine. OpenSSH is what the big distros use; Dropbear is a tiny SSH replacement. Choose none for best security. Choose an NTP client; this keeps your machine's time accurate using an Internet time server. Openntpd is what the big distros use, while Chrony is a tiny replacement.
  2. OpenSSH is the open-source version of the Secure Shell (SSH) tools used by administrators of Linux and other non-Windows systems for cross-platform management of remote systems. OpenSSH has been added to Windows as of autumn 2018, and is included in Windows 10 and Windows Server 2019.
  3. I would like to install the Microsoft-provided OpenSSH client for Windows 10 on machines that do not have internet access. Typically the instructions for installing the OpenSSH client involve running a command like this in PowerShell: Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0.

For those who would like remote console access to their Windows 10 computers, the built-in Windows 10 OpenSSH Server may be what you are looking for. Even better, for those who are familiar with OpenSSH from using it in Linux, the Windows 10 version operates pretty much the same.

While the Windows 10 OpenSSH client is really easy to install and use, figuring out how to get the OpenSSH Server up and running was a real pain, as you have to make a lot of undocumented changes to permissions and privileges, and the key generation doesn't work as expected. Now that I have figured it all out, though, it should take you no more than 10 minutes to follow these instructions and install a working OpenSSH Server implementation in Windows 10.

Installing the Windows 10 OpenSSH Server

The first step is to click on the Windows Start Menu and then in the search field type option. A search result labelled Manage optional features will be displayed, which you should click on. This will open up the Manage optional features screen as shown below.

This screen shows all the currently installed optional Windows features. Now click on the Add a feature button as indicated by the red arrow above. This will open up a list of optional features that can be installed. Most of them are font packs, but if you scroll down, you will see a feature called OpenSSH Server (Beta).

To install the OpenSSH Server (Beta), simply select it and click on the Install button. Once you click on the Install button, you will see the feature disappear from the list. This is normal and nothing to be worried about. Just click on the back arrow in the upper left of the window and you will be back to the list of installed features, but now with the OpenSSH Server (Beta) installed.

You can now close this window.

After the installation, two new Windows services called sshd and sshd-agent will have been created and the associated files will be stored in the folder C:\Windows\System32\OpenSSH. The list of installed files is:

In order to finish the installation, you should now reboot your computer.

After you log back in, the sshd service will not be started and if you try to start it, Windows will report it does not have the required privileges for the service to start.

The missing privilege that the service needs is Replace a Process Level Token and we have to add it to the NT Service\sshd account. To do that, open the Local Security Policy Editor by searching for secpol in the Start Menu and selecting the Local Security Policy result that appears.

When the Local Security Policy Editor opens, you should expand Local Policies and left click on User Rights Assignment. Once you have selected User Rights Assignment, you will see various privileges in the right pane. Scroll down till you see the Replace a process level token privilege and double-click on it. This will open the properties for that privilege and show the accounts or groups that it is currently assigned to.

Now click on the Add User or Group button and enter NT Service\sshd into the Enter the object names to select field as shown below.

When done, click on the OK button to give this privilege to sshd. You can then press the OK button to close the properties and then close the Local Security Policy editor.

Even with the privilege enabled, when you try to start the sshd service, Windows will display the error 'Windows could not start the sshd service on Local Computer. Error 1067: The Process terminated unexpectedly.'

If you look in the C:\Windows\System32\OpenSSH\Logs\sshd.log file it will display errors like the following.

SSHD is displaying these errors because you have not generated the host keys that will be used to encrypt the traffic between the server and client. To create these keys we need to execute the C:\Windows\System32\OpenSSH\ssh-keygen.exe -A command from an elevated command prompt so that the keys are created in the C:\Windows\System32\OpenSSH folder.

Using the 'ssh-keygen -A' command will generate a key using the default key file path, an empty passphrase, default bits for the key type, and default comment. Normally, I would add a passphrase to the key, but in the current bundled Windows 10 version of OpenSSH, ssh-keygen will respond with a 'failed: invalid argument' error when you try to add a passphrase.

When you run the C:\Windows\System32\OpenSSH\ssh-keygen.exe -A command, it will generate a private key named ssh_host_ed25519_key and a public key named ssh_host_ed25519_key.pub in the C:\Windows\System32\OpenSSH folder.

When ssh-keygen is finished creating and saving your key, it will bring you back to the command prompt as shown above. You can type exit and press enter to exit the elevated command prompt.

Unfortunately, we are not done yet and if you try to start the sshd service, Windows will again respond with an 'Error 1067'. This is because the NT Service\sshd account does not have access to the C:\Windows\system32\OpenSSH\ssh_host_ed25519_key file. To fix this, go into the properties of the ssh_host_ed25519_key file and make the following changes:

  • Change the owner of the file to NT Service\sshd.
  • Give the NT Service\sshd account only the Read permission to this file.
  • Remove permissions for all users to this file. For example, your logged in account will have permissions, which should be removed.

When done, your permissions on the ssh_host_ed25519_key file should look like:

If you do not set the permissions correctly, you will not be able to start the sshd service and the log file will display the following errors:

When you have the proper permissions set on the private key file, you can start the sshd service again. This time, though, the sshd service will start and be available for computers to connect.
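The key generation and permission steps above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated prompt, the paths and account name given on this page, and that the built-in icacls tool is available.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
$dir  = 'C:\Windows\System32\OpenSSH'           # folder named on this page
$key  = Join-Path $dir 'ssh_host_ed25519_key'   # private host key named on this page
$acct = 'NT Service\sshd'

# Generate the host keys only if the private key does not exist yet.
if (-not (Test-Path $key)) { & (Join-Path $dir 'ssh-keygen.exe') -A }
if (-not (Test-Path $key)) { throw "Host key not found at $key" }

# Stop inheriting ACEs from the folder, then remove every remaining explicit ACE.
icacls $key /inheritance:r | Out-Null
$ids = (Get-Acl $key).Access | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
foreach ($id in $ids) { icacls $key /remove $id | Out-Null }

# Grant the service account Read and nothing else.
icacls $key /grant:r "${acct}:(R)" | Out-Null

# Verify the DACL while the current account still owns the file:
# exactly one kind of entry is acceptable, an Allow ACE for sshd limited to read rights.
$allowed = [int][System.Security.AccessControl.FileSystemRights]'Read, Synchronize'
$bad = (Get-Acl $key).Access | Where-Object {
    $_.IdentityReference.Value -ne $acct -or
    $_.AccessControlType -ne 'Allow' -or
    ([int]$_.FileSystemRights -band (-bnot $allowed))
}
if ($bad) { throw "Unexpected ACEs remain on ${key}: $($bad.IdentityReference -join ', ')" }

# Hand ownership to the service account last, then start the service.
icacls $key /setowner $acct | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'icacls could not change the owner of the host key' }

Start-Service sshd
Get-Service sshd | Select-Object Name, Status, StartType
```

Ownership is transferred last because, once the file is owned by NT Service\sshd and carries a single read ACE, the administrator account running the script no longer has any access of its own to the file.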

Now that the service is running you can remotely connect to your Windows 10 box over SSH. Below is an example of what it looks like when you SSH into a Windows 10 computer. Notice that you get a full command prompt where you can run all command line tools, including PowerShell.

The sshd service is set to Automatic (Delayed Start), which means that Windows will launch this service after all other services which are set to Automatic have finished starting. Therefore, after you reboot a computer it may take a few minutes before the OpenSSH Server is up and running and can be connected to.

With an OpenSSH Server running on Windows 10, you have added an extra layer of flexibility with how you can manage a computer. If you do decide to enable the OpenSSH Server, make sure that port 22, which sshd listens on, is only accessible by trusted IP addresses.
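One way to enforce the trusted-addresses advice with Windows Defender Firewall, as an added example that is not part of the original article. The addresses are constructed documentation ranges and the rule name is a hypothetical one chosen for this example.

```powershell
# Added example (not from the original article). Run from an elevated PowerShell prompt.
# Constructed sample values: replace with the management hosts or subnets you trust.
$trusted  = @('192.0.2.10', '198.51.100.0/24')
$ruleName = 'sshd-trusted-only'   # hypothetical rule name chosen for this example

# Report enabled inbound allow rules that expose TCP 22 to any remote address.
$exposed = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $rule | Get-NetFirewallPortFilter
    $addr = $rule | Get-NetFirewallAddressFilter
    if ($port.Protocol -eq 'TCP' -and
        $port.LocalPort -contains '22' -and
        $addr.RemoteAddress -contains 'Any') {
        [pscustomobject]@{ Name = $rule.Name; DisplayName = $rule.DisplayName }
    }
}
if ($exposed) {
    Write-Warning 'These rules allow TCP 22 from any address; scope or disable them:'
    $exposed | Format-Table -AutoSize | Out-String | Write-Host
}

# Create the scoped rule, or update its address list if it already exists.
if (Get-NetFirewallRule -Name $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -Name $ruleName -RemoteAddress $trusted
} else {
    New-NetFirewallRule -Name $ruleName `
        -DisplayName 'OpenSSH Server (trusted sources only)' `
        -Direction Inbound -Protocol TCP -LocalPort 22 `
        -Action Allow -RemoteAddress $trusted | Out-Null
}

# Show the remote addresses the rule now permits.
Get-NetFirewallRule -Name $ruleName | Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

The scoped rule only limits exposure if no other enabled rule still allows TCP 22 from any address, which is what the report at the top of the script checks for.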

Source: https://www.bleepingcomputer.com/news/microsoft/how-to-install-the-built-in-windows-10-openssh-server/
