Step-by-Step Guide to Enabling SSH on Windows Server 2025

Introduction Link to heading

Secure Shell (SSH) is a powerful protocol for remotely managing servers with encryption and security. With the release of Windows Server 2025, Microsoft continues to support OpenSSH as an optional feature, making it easier than ever to use SSH natively on Windows.

This guide will walk you through the exact steps to enable SSH on Windows Server 2025. Whether you’re managing a single server or a fleet, enabling SSH can significantly streamline your workflows.

Prerequisites Link to heading

Before starting, ensure you have the following:

1. A system running Windows Server 2025.
2. Administrative privileges.
3. Internet access for downloading features and updates.

Steps to Enable SSH Link to heading

1. Install OpenSSH Server Link to heading

OpenSSH Server is included as an optional feature in Windows Server 2025. You can install it via the GUI or PowerShell:

Option 1: Install Using the Settings App Link to heading

1. Open Settings and navigate to Apps > Optional Features.
2. Click on Add a feature.
3. Search for “OpenSSH Server” in the list.
4. Select it and click Install.

Option 2: Install Using PowerShell Link to heading

Run the following command in an elevated PowerShell session:

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Verify the installation by checking the feature:

Get-WindowsCapability -Online | Where-Object Name -like '*OpenSSH*'

2. Start and Configure the SSH Service Link to heading

Once installed, start the OpenSSH service and configure it to start automatically on boot:

Start-Service sshd
Set-Service -Name sshd -StartupType Automatic

You can verify the status of the service using:

Get-Service -Name sshd

3. Adjust Firewall Settings Link to heading

To allow SSH connections, create an inbound firewall rule for port 22 (the default SSH port):

New-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -DisplayName "OpenSSH Server (TCP)" -Protocol TCP -Action Allow -Direction Inbound -LocalPort 22

4. Test SSH Connectivity Link to heading

From a client machine, use an SSH client to connect to your Windows Server 2025 instance. For example:

ssh username@your-server-ip

Replace username with your Windows user account name and your-server-ip with the server’s IP address. If prompted, accept the server’s host key.

Troubleshooting Tips Link to heading

• Ensure the SSH service is running: Get-Service -Name sshd.
• Verify that port 22 is open using: netstat -an | findstr 22.
• Check the logs in the Event Viewer under Applications and Services Logs > OpenSSH for detailed error messages.

Security Best Practices Link to heading

To enhance the security of your SSH setup, consider implementing the following measures:

1. Change the Default Port

   Edit the sshd_config file located in C:\ProgramData\ssh\ to use a non-standard port. Restart the SSH service after making changes:

   Restart-Service sshd
   

2. Use Key-Based Authentication

   Generate an SSH key pair on the client machine and add the public key to the authorized_keys file in the user’s .ssh directory on the server.

3. Restrict SSH Access

   Limit access to specific IP ranges by editing the firewall rules or configuring the sshd_config file.

4. Disable Root Login

   For enhanced security, prevent the Administrator account from logging in over SSH by setting PermitRootLogin no in the sshd_config file.

Conclusion Link to heading

By enabling SSH on Windows Server 2025, you unlock a versatile and secure way to manage your server. Whether you’re executing commands, transferring files, or automating tasks, SSH is an indispensable tool for system administrators.