通过SSH远程连接Windows

安装OpenSSH server#

Windows PowerShell(管理员)(A)

在powershell中输入：

1
# 安装OpenSSH客户端
2
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
3

4
#安装OpenSSH服务端
5
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

在powershell中输入：

1
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

若返回为：

1
Name  : OpenSSH.Client~~~~0.0.1.0
2
State : Installed
3

4
Name  : OpenSSH.Server~~~~0.0.1.0
5
State : Installed

则表示安装成功

公钥#

储存在C:\Users\username\.ssh\authorized_keys

注意要修改权限😭

1
# 远程通过ACL更改文件权限
2
ssh --% user1@ip icacls.exe "C:\Users\username\.ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
3

4
#在服务器端修改authorized_keys文件权限
5
icacls.exe "C:\Users\username\.ssh\authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"

修改配置#

需要管理员权限

C:\ProgramData\ssh\sshd_config

参考

1
# This is the sshd server system-wide configuration file.  See
2
# sshd_config(5) for more information.
3

4
# The strategy used for options in the default sshd_config shipped with
5
# OpenSSH is to specify options with their default value where
6
# possible, but leave them commented.  Uncommented options override the
7
# default value.
8

9
#Port 22
10
#AddressFamily any
11
#ListenAddress 0.0.0.0
12
#ListenAddress ::
13

14
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
15
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
16
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
17
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
18

19
# Ciphers and keying
20
#RekeyLimit default none
21

22
# Logging
23
#SyslogFacility AUTH
24
#LogLevel INFO
25

26
# Authentication:
27

28
#LoginGraceTime 2m
29
#PermitRootLogin prohibit-password
30
#StrictModes yes
31
#MaxAuthTries 6
32
#MaxSessions 10
33

34
PubkeyAuthentication yes
35

36
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
37
# but this is overridden so installations will only check .ssh/authorized_keys
38
AuthorizedKeysFile  .ssh/authorized_keys
39

40
#AuthorizedPrincipalsFile none
41

42
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
43
#HostbasedAuthentication no
44
# Change to yes if you don't trust ~/.ssh/known_hosts for
45
# HostbasedAuthentication
46
#IgnoreUserKnownHosts no
47
# Don't read the user's ~/.rhosts and ~/.shosts files
48
#IgnoreRhosts yes
49

50
# To disable tunneled clear text passwords, change to no here!
51
PasswordAuthentication no
52
#PermitEmptyPasswords no
53

54
# GSSAPI options
55
#GSSAPIAuthentication no
56

57
#AllowAgentForwarding yes
58
#AllowTcpForwarding yes
59
#GatewayPorts no
60
#PermitTTY yes
61
#PrintMotd yes
62
#PrintLastLog yes
63
#TCPKeepAlive yes
64
#UseLogin no
65
#PermitUserEnvironment no
66
#ClientAliveInterval 0
67
#ClientAliveCountMax 3
68
#UseDNS no
69
#PidFile /var/run/sshd.pid
70
#MaxStartups 10:30:100
71
#PermitTunnel no
72
#ChrootDirectory none
73
#VersionAddendum none
74

75
# no default banner path
76
#Banner none
77

78
# override default of no subsystems
79
Subsystem   sftp    sftp-server.exe
80

81
# Example of overriding settings on a per-user basis
82
#Match User anoncvs
83
#   AllowTcpForwarding no
84
#   PermitTTY no
85
#   ForceCommand cvs server
86

87
#Match Group administrators
88
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

启动#

1
 启动sshd服务
2
Start-Service sshd
3

4
# 将sshd服务设置为自动启动，若不设置需要在每次重启后重新开启sshd
5
Set-Service -Name sshd -StartupType 'Automatic'
6

7
# 确认防火墙规则，一般在安装时会配置好
8
Get-NetFirewallRule -Name *ssh*
9

10
# 若安装时未添加防火墙规则"OpenSSH-Server-In-TCP"，则通过以下命令添加
11
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22