SovLabs Support

Submit a Ticket My Tickets
Welcome
Login

Set up OpenSSH on Windows 2019 with Sovlabs Microsoft Endpoint

Overview

Microsoft has released built in support for OpenSSH Server with Windows Server 2019. Sovlabs now supports OpenSSH connections (Winsshd) for usage with Microsoft Endpoints.


Considerations

This How-To will reference support documentation provided by Microsoft via (https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse) as well as use-case studies found from Sovlabs Internal test cases


Procedure

Install OpenSSH Server via Powershell

  1. Connect to the target Windows Server 2019 environment and run the below commands
  2. Launch PowerShell as an Administrator. To make sure that the OpenSSH features are available for install:


    Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
    
    # This should return the following output: 
    Name : OpenSSH.Client~~~~0.0.1.0 
    State : NotPresent Name : 
    OpenSSH.Server~~~~0.0.1.0 
    State : NotPresent


  3. Then, install the server and/or client features:

    # Install the OpenSSH Client
    
    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
    
    # Install the OpenSSH Server
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
    
    # Both of these should return the following output:
    
    Path          :
    Online        : True
    RestartNeeded : False

Initial Configuration of SSH Server

To configure the OpenSSH server for initial use on Windows, perform the steps below...

  1. launch PowerShell as an administrator, then run the following commands to start the SSHD service:


    Start-Service sshd
    
    # OPTIONAL but recommended:
    Set-Service -Name sshd -StartupType 'Automatic'
    # Confirm the Firewall rule is configured. It should be created automatically by setup. 
    
    Get-NetFirewallRule -Name *ssh*
    # There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
    # If the firewall does not exist, create one
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22


Test SSH Connection

  1. Test the connection to the IP or FQDN of the Windows 2019 target server via Putty or an alternative SSH method
  2. Test the connection from the vRA/vRO server using the Sovlabs Telnet Test troubleshooting workflow located in vRO at the following folder path: SovLabs > vRA Utilities > Networking


Configure the Sovlabs Microsoft Endpoint to use the OpenSSH (winsshd) connection type

  1. Follow the steps to configure the Sovlabs Microsoft Endpoint for OpenSSH (aka: winsshd) - http://docs.sovlabs.com/latest/vRA/7.6/modules/platform-extensions/microsoft-ad/setup/#add-microsoft-endpoint
  2. Special Note: Username must be in basic format, do not include the domain in the username
    1. Wrong (username: svc-account@domain.com)
    2. Correct (username: svc-account)


Additional information

  1. If you encounter trouble with the initial installation of OpenSSH server via the Powershell script, please ensure to apply the latest Windows Updates and reboot prior to attempting again as documented here
  2. After initial installation of OpenSSH server is configured, a reboot is normally necessary post before any testing can be done


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.