
ASCII.jp Install Microsoft's version of OpenSSH on Windows 10

Anniversary Update completes the operating environment

OpenSSH is open source software for using the Secure Shell protocol. Its development is centered on the OpenBSD project. OpenSSH includes both an SSH client and an SSH server, but they are command-line programs that run inside a console window rather than GUI apps.

OpenSSH has existed for some time and was available on Windows, but there was a problem on the Windows side that restricted its use as an SSH client.

Because the console window did not support escape sequences up to Windows 8, even if you connected to a Linux machine, the Linux application saw a "dumb terminal" whose screen it could not control. You had to work that way, and could not use, for example, a screen editor.

However, when the Windows Subsystem for Linux was introduced in Windows 10 Ver.1607 (RS1, Anniversary Update), escape sequences became available in the Windows console window. For this reason, with OpenSSH it became possible to use Linux screen editors and similar programs from Windows 10. Additionally, OpenSSH can be used as both a server and a client. Here, I will explain how to install OpenSSH.

Actual download and installation

OpenSSH, ported by Microsoft, can be downloaded from the following URL.

https://github.com/PowerShell/Win32-OpenSSH/releases

The distribution is a ZIP-compressed file that contains the necessary executables and related files. There are files for the 32-bit version and the 64-bit version, each with and without debugging symbols; normally you choose either "OpenSSH-Win32.zip" or "OpenSSH-Win64.zip", which are the ones without symbols. The former is the 32-bit version and the latter is the 64-bit version. Select the one that matches your execution environment.

If you create a suitable folder and extract the ZIP file into it, the installation itself is complete. However, since OpenSSH saves the information it needs as files in the installation folder, it is better not to put it in a folder with write restrictions.

In addition, the Program Files and Program Files (x86) folders have write restrictions, and the folder virtualization mechanism that exists for compatibility with past applications comes into play, so files end up being placed in a different location. In that case, you will have to search for the necessary files when you migrate the system.

So, in this article, I will create a folder called "OpenSSH" (C:\OpenSSH) in the root folder of the C drive and install it there. Of course, you can choose the folder freely, but in that case, rewrite the path specified in the commands below to match your environment.

Settings are only needed if you are running a server, but it is worth running a server even on a Windows machine. If you set the router's firewall function correctly, you can access it from the Internet side, and even on a local network, you do not need to open a remote desktop or move to another machine for work that can be done with the command line.

In the unlikely event that Windows can no longer be operated with the mouse, remote login via SSH may still work, and terminating the problematic program from the command line with the tasklist and taskkill commands may make the machine operable again. In the past, this was possible with the telnet server attached to Windows, but this telnet only had plaintext passwords or NTLM authentication, so there was a security problem with setting it up on a machine that was taken outside. OpenSSH, however, also mitigates these security concerns.

Of course, you can use the Server Broker version of the SSH server that starts automatically when you turn on developer mode, but there is no information about it; for example, you do not even know how to register the client's public key on the server (or whether that is possible in the first place). So if you want to run an SSH server, you should switch to OpenSSH.

Things to do before setting up OpenSSH

First, go to "Settings" → "Update & Security" → "For developers" and select "Developer mode".

Turn on developer mode. Although it is not directly related to OpenSSH, turning on developer mode allows you to set the PowerShell execution policy from the GUI.

This will allow you to switch PowerShell's execution policy using the GUI. Then, referring to the previous article, stop the Server Broker version of the SSH server (if developer mode is on) and set its status to "disabled" to prevent it from starting. Note that applying a future update may change the status of the Server Broker version of the SSH server back to "manual" and start it up.

Also, the MS version of OpenSSH uses PowerShell for configuration. This requires changing PowerShell's execution policy to allow unsigned script files for local file execution. In "For developers", there is an item called "PowerShell", where there is a checkbox that says "Don't sign...".

Press "Apply" button of "PowerShell" in "Settings" → "Update & Security" → "For developers" to change PowerShell's execution policy

Press the "Apply" button below this to allow PowerShell to run local files without signatures.

Next, check your settings. To do that, launch PowerShell and run "Get-ExecutionPolicy -List". It is OK if "RemoteSigned" is displayed next to "Current User".

It is OK if the right side of "Current User" is "RemoteSigned" in the execution result of "Get-ExecutionPolicy -List" command after starting PowerShell.

The same thing can also be set manually. To do so, start PowerShell with administrator privileges from the menu that opens with the Win + X key or the Start menu, and execute the following command.

To manually change the execution policy, use the Set-ExecutionPolicy command. The method of checking the result is the same.

Set-ExecutionPolicy -Scope CurrentUser RemoteSigned

"RemoteSigned" means that script files running over the network must be signed, but local script files do not require a signature.

Next, register the path where OpenSSH is installed in the Path environment variable so that it can be used easily from the command line. By doing this, OpenSSH commands can be executed in the Command Prompt window without setting the full path.

Go to "Control Panel" → "System" → "Advanced System Settings" and press the "Environment Variables" button to display the dialog box for environment variables. There are two lists: the top one holds the user's personal environment variable settings, and the bottom one holds the system-wide environment variable settings.

Considering the possibility of using OpenSSH from multiple user accounts, select "Path" in the lower "System environment variables" list and press the "Edit" button. The search paths for executable files registered in the Path environment variable are displayed as a list, so press the "New" button and enter the OpenSSH installation path (C:\OpenSSH).
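
The same Path registration can be scripted. The following PowerShell is an added example, not part of the original article: it assumes the ZIP was extracted to the article's C:\OpenSSH folder, adds that folder to the system Path only if it is missing, and then reports any non-administrative write access on it, because a folder created directly under C:\ can inherit write access for ordinary users and every account on the machine will run executables from a folder on the system Path. The list of trusted SIDs is an assumption of this example.

```powershell
# Added example. Assumption: the ZIP was extracted to the article's folder.
# Run from an elevated PowerShell session (writing the Machine Path needs it).
$InstallDir = 'C:\OpenSSH'

if (-not (Test-Path -LiteralPath (Join-Path $InstallDir 'ssh.exe'))) {
    throw "ssh.exe not found in $InstallDir; extract the ZIP there first."
}

# 1. Append the folder to the system-wide Path only if it is not already listed.
#    GetEnvironmentVariable returns the value with %variables% already expanded,
#    and it is written back in that expanded form.
$current = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$entries = @($current -split ';' | Where-Object { $_ -ne '' })
$known   = $entries | ForEach-Object { $_.TrimEnd('\') }
if ($known -notcontains $InstallDir.TrimEnd('\')) {      # case-insensitive match
    $newPath = ($entries + $InstallDir) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $newPath, 'Machine')
    Write-Output "Added $InstallDir to the system Path."
} else {
    Write-Output "$InstallDir is already on the system Path."
}

# 2. List Allow ACEs that give write-type access to anyone other than
#    Administrators, SYSTEM, CREATOR OWNER or TrustedInstaller (assumed trusted).
$trusted = 'S-1-5-32-544', 'S-1-5-18', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$fsWrite = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask    = [int]$fsWrite -bor 0x10000000 -bor 0x40000000   # + GENERIC_ALL, GENERIC_WRITE
$sidType = [System.Security.Principal.SecurityIdentifier]

$risky = (Get-Acl -LiteralPath $InstallDir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $mask) -ne 0
    }

if ($risky) {
    $risky | Select-Object IdentityReference, FileSystemRights, IsInherited |
        Format-Table -AutoSize
    Write-Warning "Non-administrative accounts can modify files in $InstallDir."
} else {
    Write-Output "Only administrative accounts can modify files in $InstallDir."
}
```

If the warning appears, restrict write access on the folder to administrators before leaving it on the system Path.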

Now that the OpenSSH path is set, any subsequent Command Prompt window that opens can invoke OpenSSH commands. Basically, in this state, the OpenSSH client ssh.exe can be executed. As a simple usage, you can use the IP address of the connection destination or the host name in the LAN as an argument.

For example, typing

ssh PC1

connects you to another machine that is running an SSH server.

If you set the path, you can run ssh.exe, which is an SSH client.

The client is now working, so next time I will explain the server-side settings.