With the recently released Windows 10 Fall Creators Update (version 1709), an integrated OpenSSH client is available for use inside Windows with both the Command Prompt and PowerShell. It is tagged as Beta, but you may want to try it out. If so, here is one method of getting it installed.
Using the "Search Windows" tool (magnifiying glass icon next to the start menu in lower left corner), enter "manage optional features".
Click on "Add a feature".
Scroll down to "OpenSSH Client (Beta)" and click "Install".
Once it completes you will see it has been added to the list.
Clicking on it for additional details reveals that a restart is required.
Trying to run
ssh without a restart results in this typical error.
PS C:\> ssh sshd : The term 'ssh' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:1 + sshd + ~~~~ + CategoryInfo : ObjectNotFound: (ssh:String) , CommandNotFoundException + FullyQualifiedErrorId : CommandNotFoundException
Once you've rebooted the output is more encouraging
PS C:\> ssh usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]
Now we can test out connecting to a server running SSH. The first system I tried happened to be running a very old SSH server and didn't have a supported key exchange method.
PS C:\> ssh email@example.com Unable to negotiate with ipv4.add.re.ss port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Connecting to a patched CentOS 7 server worked much better.
PS C:\> ssh firstname.lastname@example.org The authenticity of host '172.16.1.10 (172.16.1.10)' can't be established. ED25519 key fingerprint is SHA256:REMOVED. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '172.16.1.10' (ED25519) to the list of known hosts. email@example.com's password: Last login: Tue Oct 31 00:23:33 2017 from 10.71.202.6 [username@centos ~]$ uname -a Linux centos 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
I ran into a few issues testing with existing RSA public keys. (Powershell wouldn't connect and returned errors about the key being invalid.) I haven't sorted that out just yet. I was successful using a ED25519 key pair generated using
ssh-keygen on Windows 10 like this:
PS C:\> ssh-keygen -t ed25519 Generating public/private ed25519 key pair. Enter file in which to save the key (C:\Users\demo/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in C:\Users\demo/.ssh/id_ed25519. Your public key has been saved in C:\Users\demo/.ssh/id_ed25519.pub. The key fingerprint is: SHA256:REMOVED_FINGERPRINT username@host The key's randomart image is: +--[ED25519 256]--+ |+ +oo +. | ... |++. | +----[SHA256]-----+
Then copying the public key:
PS C:\> cat .ssh\id_ed25519.pub ssh-ed25519 PUBLIC_KEY_TEXT username@host
And placing it in the servers
authorized_keys file (in the relevant user's home directory) allowed successful authentication without a password.
PS C:\> ssh firstname.lastname@example.org Last login: Mon Dec 4 20:37:41 2017 from 10.71.202.6
The public key can also be added to your list of keys in the ProfitBricks DCD for use when provisioning new servers. Connecting to a newly provisioned CentOS 7 server that was configured to use the public key in the DCD worked great.
PS C:\> ssh email@example.com The authenticity of host 'ipv4.add.re.ss' can't be established. ED25519 key fingerprint is SHA256:REMOVED. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ipv4.add.re.ss' (ED25519) to the list of known hosts.
Remember that you can use
ssh -v when connecting to get additional debug info that may help troubleshoot a connection issue.
I'm not sure if this will replace PuTTY in my workflow anytime soon, but I am excited to have OpenSSH available directly in PowerShell!