Peerobyte / Documentation / Remote Access and Setup / Connecting via OpenSSH / Installing OpenSSH Server / Windows: Using Powershell to Install SSH Server

Windows: Using Powershell to Install SSH Server

Published

OpenSSH Server can be installed via Powershell on both server and desktop versions of Windows.

Prerequisites

1. Your device must be running Windows Server 2019 or Windows 10 (build 1809) or later versions.

2. Your system must have PowerShell version 5.1 or later installed. You can read how to install Powershell in the "Installing PowerShell on Windows" guide.

3. The account you are using must belong to the "Administrators" group.

Primary Installation Method

1. Run PowerShell as an administrator.

2. Check if the OpenSSH Server is already installed using the command:

		

			
		

		Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'


The result will look something like this:

		

			
		

		PS C:\WINDOWS\system32> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
Name  : OpenSSH.Server~~~~0.0.1.0State : NotPresent
PS C:\WINDOWS\system32>


If the State is Installed, this means the OpenSSH Server is already installed, and you can skip to step 4.

3. If the OpenSSH Server is not installed, install it using the command below, where you use the Name value obtained from the previous step as the parameter for -Name:

		

			
		

		Add-WindowsCapability -Online -Name <Name>


Example command and its output:

		

			
		

		PS C:\WINDOWS\system32> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0Path          :Online        : TrueRestartNeeded : False
PS C:\WINDOWS\system32>


If the RestartNeeded parameter returns True, a reboot is required; if Possible, a reboot is recommended.


To reboot, save all data and execute:

		

			
		

		Restart-Computer


4. Start the OpenSSH Server service with the command:

		

			
		

		Start-Service sshd


5. If necessary, configure the OpenSSH Server service to start automatically at every system boot:

		

			
		

		Set-Service -Name sshd -StartupType 'Automatic'


6. Check for or create a firewall rule for the OpenSSH Server service by running the script:

		

			
		

		if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22} else {    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."}


This script will check if a firewall rule for communication with the OpenSSH Server exists; if not, it will be created.

The OpenSSH Server service is now ready to use.

Alternative Installation Using DISM

1. Run PowerShell as an administrator.

2. Determine the available versions of OpenSSH.Server using the command:

		

			
		

		DISM /Online /Get-Capabilities | findstr "OpenSSH.Server"


The output will look like this:

		

			
		

		PS C:\WINDOWS\system32> DISM /Online /Get-Capabilities | findstr "OpenSSH.Server">>Capability Identity : OpenSSH.Server~~~~0.0.1.0PS C:\WINDOWS\system32>


The value of the Capability Identity parameter is the version of OpenSSH.Server available on the system.

3. Request information about OpenSSH.Server using the following command, where you use the version name obtained in the previous step as the /CapabilityName parameter:

		

			
		

		DISM /Online /Get-CapabilityInfo /CapabilityName:<Capability Identity>


Example command and its output:

		

			
		

		PS C:\WINDOWS\system32> DISM /Online /Get-CapabilityInfo /CapabilityName:OpenSSH.Server~~~~0.0.1.0
Deployment Image Servicing and Management toolVersion: 10.0.19041.3636
Image Version: 10.0.19045.4529
Capability Identity : OpenSSH.Server~~~~0.0.1.0Name : OpenSSH.ServerState : Not PresentDisplay Name : OpenSSH ServerDescription : OpenSSH-based secure shell (SSH) server, for secure key management and access from remote machines.Download Size : 1.29 MBInstall Size : 9.89 MB
The operation completed successfully.PS C:\WINDOWS\system32>


If the State parameter has the value Installed, then OpenSSH.Server is already installed in the system and in this case you need to go directly to step 5 of these instructions. 

4. Install OpenSSH Server using the command below, where you use the version name obtained in step 2 as the /CapabilityName parameter:

		

			
		

		dism /online /Add-Capability /CapabilityName:<Capability Identity>


Example command and its output:

		

			
		

		C:\WINDOWS\system32>dism /online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
Deployment Image Servicing and Management toolVersion: 10.0.17755.1
Image Version: 10.0.17755.1
[==========================100.0%==========================]The operation completed successfully.


5. Start the OpenSSH Server service using the command:

		

			
		

		Start-Service sshd


6. If necessary, configure the service to start automatically at each device or virtual machine boot using the command:

		

			
		

		Set-Service -Name sshd -StartupType 'Automatic'


7. Ensure that a firewall rule for communication with the OpenSSH Server is created by running the script:

		

			
		

		et-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22} else {    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."}


This script will check if a firewall rule for communication with the OpenSSH Server exists; if not, it will be created.

The OpenSSH Server service is now ready to use.