OpenSSH Instructions


ssh-keygen -t ed25519

cat ~/.ssh/ > ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 400 ~/.ssh/authorized_keys
chmod 400 ~/.ssh/id_ed25519


(Admin PowerShell)

  • Check if server is installed
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
  • If not, make sure Windows Update is enabled, then install by:
Add-WindowsCapability -Online -Name OpenSSH.Server
  • Start the sshd service
Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'
  • Configure firewall
Get-NetFirewallRule -Name *ssh*
  • If the firewall rule does not exist, create one
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
  • Generate ssh key pair
ssh-keygen -t ed25519
cp ~/.ssh/ C:\ProgramData\ssh\administrators_authorized_keys
  • Fix permissions: disable inheritance, leave only SYSTEM and Administrators with full control, and delete the rest.

    • => svcore (powershell, no GUI)

    • Check current permissions

    $path = 'C:\ProgramData\ssh\administrators_authorized_keys'
    $acl = Get-ACL -Path $path
    $acl | fl
    • Disable inheritance
    $acl.SetAccessRuleProtection($True, $True)
    # the first $True protects the object from inheritance, the second $True keeps the currently inherited NTFS permissions as explicit entries
    Set-Acl -Path $path -AclObject $acl
    • Remove the NTFS permissions of a user or group
    $acl = Get-Acl $path
    $rules = $acl.Access | where IsInherited -eq $false
    $targetrule = $rules | where IdentityReference -eq "NT AUTHORITY\Authenticated Users"
    # remove every matching rule from the ACL object before writing it back
    foreach ($rule in $targetrule) { [void]$acl.RemoveAccessRule($rule) }
    $acl | Set-Acl -Path $path
    • Check result
    Get-ACL -Path $path | fl
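
The permission fix above can be verified with a script instead of reading the `fl` output by eye. This is an added example, not part of the original gist: it assumes the file path used above and that SYSTEM (S-1-5-18) and the local Administrators group (S-1-5-32-544), each with full control, are the only acceptable entries. The function name `Test-AdminKeyAcl` is hypothetical.

```powershell
# Added example (not from the original gist): audit the ACL on the admin key file.
# Assumption: only SYSTEM and the local Administrators group may appear, each
# with full control, matching the "Fix permissions" step above.
$path = 'C:\ProgramData\ssh\administrators_authorized_keys'

function Test-AdminKeyAcl {
    param([Parameter(Mandatory)][string]$Path)

    # Well-known SIDs, used instead of names so the check works on localized Windows.
    $allowedSids = @{
        'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
        'S-1-5-32-544' = 'BUILTIN\Administrators'
    }
    $full     = [System.Security.AccessControl.FileSystemRights]::FullControl
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $acl      = Get-Acl -Path $Path
    $findings = New-Object System.Collections.Generic.List[string]

    # Inheritance must be off, otherwise ACEs from the parent folder flow back in.
    if (-not $acl.AreAccessRulesProtected) {
        $findings.Add('Inheritance is still enabled on the file')
    }

    $seen = @{}
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if (-not $allowedSids.ContainsKey($sid)) {
            $findings.Add("Unexpected ACE: $sid $($rule.AccessControlType) $($rule.FileSystemRights)")
        }
        elseif ($rule.AccessControlType -eq 'Allow' -and $rule.FileSystemRights.HasFlag($full)) {
            $seen[$sid] = $true
        }
    }

    # Both expected principals must actually hold an Allow FullControl entry.
    foreach ($sid in $allowedSids.Keys) {
        if (-not $seen.ContainsKey($sid)) {
            $findings.Add("$($allowedSids[$sid]) ($sid) lacks an Allow FullControl ACE")
        }
    }
    return ,$findings.ToArray()
}

$result = Test-AdminKeyAcl -Path $path
if ($result.Count -eq 0) { 'ACL OK: only SYSTEM and Administrators have access' }
else { $result | ForEach-Object { "FINDING: $_" } }
```

Run it from the same elevated PowerShell session; any `FINDING:` line names an entry that still has to be removed or added.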