In the world of IT management, secure and efficient remote access to servers is crucial. Enabling SSH (Secure Shell) on Windows Server 2022 provides a secure way to manage your servers. This guide will walk you through the process of configuring SSH access using PowerShell, focusing on adding an SSH public key for key-based authentication.

Why Use SSH on Windows Server?

SSH provides a secure channel over an unsecured network, allowing encrypted communication and secure login from a remote computer. It is widely used for remote management and automation, offering numerous benefits such as security, automation, and compatibility with various tools and platforms.

Prerequisite - Installation Steps

To install OpenSSH Server on Windows Server 2022, use the following PowerShell commands:

# Install the OpenSSH Server capability
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# Start the SSH server
Start-Service sshd

# Set the SSH server to start automatically
Set-Service -Name sshd -StartupType 'Automatic'

# Add the firewall rule for SSH
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

PowerShell Script to Configure SSH Access

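Below is a PowerShell script that configures SSH access by adding an SSH public key to the authorized keys file for the Administrator account and ensuring the correct permissions. With the default sshd_config shipped with OpenSSH for Windows, keys in administrators_authorized_keys are accepted for any account that is a member of the Administrators group, so treat every key in this file as an administrator credential.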

<#
.SYNOPSIS
This script configures SSH access on a Windows Server instance by adding an SSH public key.

.DESCRIPTION
The script adds an SSH public key to the authorized keys file for the Administrator account,
ensures correct permissions on that file, and restarts sshd. It does not edit sshd_config;
key-based authentication is enabled there by default.

.NOTES
Run this script on a Windows Server instance where OpenSSH Server is already installed.
#>

# Define the SSH directory and authorized keys file path
$sshDir = "$env:ProgramData\ssh"
$authorizedKeysPath = "$sshDir\administrators_authorized_keys"

# Ensure the SSH directory exists
if (-not (Test-Path $sshDir)) {
    New-Item -Type Directory -Path $sshDir -Force
}

# Add your public key to the authorized keys file
$publicKey = "ssh-rsa your public key"  # Replace with your actual public key
if (-not (Test-Path $authorizedKeysPath)) {
    New-Item -Type File -Path $authorizedKeysPath -Force
}
Add-Content -Path $authorizedKeysPath -Value $publicKey

# Ensure correct permissions on the authorized keys file
icacls $authorizedKeysPath /inheritance:r
icacls $authorizedKeysPath /grant "Administrators:F"
icacls $authorizedKeysPath /grant "SYSTEM:F"
icacls $authorizedKeysPath /remove "Users"
icacls $authorizedKeysPath /remove "Authenticated Users"

# Restart the SSH server to apply changes
Restart-Service sshd

# Confirm the SSH server is running
Get-Service sshd

Script Breakdown

  • Define the SSH Directory and Authorized Keys File Path: The script defines the path to the SSH directory and the administrators_authorized_keys file.

  • Ensure the SSH Directory Exists: If the SSH directory does not exist, the script creates it.

  • Add Your Public Key: Replace "ssh-rsa your public key" with your actual public key. The script adds this key to the administrators_authorized_keys file.

  • Set Correct Permissions: The script uses icacls to set the correct permissions on the administrators_authorized_keys file, ensuring that only Administrators and SYSTEM have full access.

  • Restart SSH Service: The script restarts the SSH service to apply the changes.

  • Confirm SSH Service Status: The script checks the status of the SSH service to ensure it is running.

Running the Script

  1. Open PowerShell as Administrator:

    • Right-click on the Start button and select Windows PowerShell (Admin).
  2. Run the Script:

    • Copy and paste the script into the PowerShell window or save it as a .ps1 file and execute it.
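
After the script has run, it is worth confirming that the permissions and key lines actually ended up as intended, because sshd ignores administrators_authorized_keys when its ACL grants access to anyone other than Administrators and SYSTEM. The check below is an added example, not part of the original script; Test-AuthorizedKeysFile is a hypothetical helper name, and the key pattern covers only the common RSA, Ed25519 and ECDSA key types.

```powershell
# Added example: audit administrators_authorized_keys after the setup script has run.
# Test-AuthorizedKeysFile is a hypothetical helper name, not an OpenSSH or Windows cmdlet.
function Test-AuthorizedKeysFile {
    param([string]$Path = "$env:ProgramData\ssh\administrators_authorized_keys")

    # Well-known SIDs, so the check does not depend on localized group names
    $allowedSids = @(
        'S-1-5-32-544',  # BUILTIN\Administrators
        'S-1-5-18'       # NT AUTHORITY\SYSTEM
    )
    $problems = @()

    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        return @("File not found: $Path")
    }
    $acl = Get-Acl -Path $Path

    # icacls /inheritance:r should have left inheritance disabled
    if (-not $acl.AreAccessRulesProtected) {
        $problems += 'Inheritance is still enabled on the file.'
    }

    # Only Administrators and SYSTEM may hold allow entries
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $allowedSids -notcontains $sid) {
            $problems += "Unexpected allow entry: $sid ($($rule.FileSystemRights))"
        }
    }

    # Each non-empty, non-comment line should start with a key type and base64 data.
    # Lines that begin with key options are reported too; review those by hand.
    $keyPattern = '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]{32,}=*( |$)'
    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        if ($line.Trim() -eq '' -or $line.StartsWith('#')) { continue }
        if ($line -notmatch $keyPattern) {
            $problems += "Line ${lineNo}: not a recognizable public key (placeholder left in?)"
        }
    }
    return $problems
}

$result = Test-AuthorizedKeysFile
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'administrators_authorized_keys: OK' }
```

Run it from the same elevated PowerShell session; any warning it prints points at an ACL entry or key line to fix before relying on key-based login.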

Conclusion

By following this guide, you can configure SSH access on your Windows Server 2022 instance using PowerShell. This setup enhances security by using key-based authentication and provides a secure method for remote management and automation.