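For installing the OpenSSH server on Windows, managing keys, and setting up the connection in Windows Terminal, refer to the official Microsoft documentation.
Windows OpenSSH server configuration
Run PowerShell as administrator: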
Get-WindowsCapability -online | Where-Object Name -like 'OpenSSH*'
# Install the OpenSSH Client if its state is NotPresent
Add-WindowsCapability -online -Name OpenSSH.Client~~~~0.0.1.0
# Install the OpenSSH Server
Add-WindowsCapability -online -Name OpenSSH.Server~~~~0.0.1.0
# Start the sshd service
Start-Service sshd
# OPTIONAL but recommended:
Set-Service -Name sshd -StartupType 'Automatic'
# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
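Key management
Client host configuration file (optional)
The Windows server's IP address is 192.168.1.111 and the user name is user1. Edit the C:\Users\username\.ssh\config file:
Host server
    HostName 192.168.1.111
    Port 22
    User user1
Client key generation
Generate a key pair on the client with any supported algorithm. Taking RSA as an example, run the following in PowerShell: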
ssh-keygen -t rsa -b 4096 -C "zhy@domain.com"
By default the key files are saved on the client under C:\Users\username\.ssh. Set a passphrase as needed; it may be left empty, but that is not secure. The generated public key file is id_rsa.pub.
Add an administrative user on the server
# Make sure that the C:\ProgramData\ssh directory exists on your server
ssh server mkdir C:\ProgramData\ssh
# Use scp to copy the public key file generated previously on your client to the administrators_authorized_keys file on your server
scp C:\Users\username\.ssh\id_rsa.pub server:C:\ProgramData\ssh\administrators_authorized_keys
# Appropriately ACL the authorized_keys file on your server
ssh --% server icacls.exe "C:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
Note that if several clients connect to the server this way, each additional public key (.pub file) must be appended to the end of the administrators_authorized_keys file rather than overwriting it.
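One way to append a further client's key instead of overwriting the file, as an added example that is not from the original post or from Microsoft's documentation. It assumes the new .pub file has already been copied to the server; the function name Add-AdminAuthorizedKey and the C:\Temp path are hypothetical.

```powershell
# Added example: run on the server in an elevated PowerShell session.
# Add-AdminAuthorizedKey is a hypothetical helper name, not an OpenSSH command.
function Add-AdminAuthorizedKey {
    param(
        [Parameter(Mandatory)] [string] $PublicKeyPath,
        [string] $AuthorizedKeys = 'C:\ProgramData\ssh\administrators_authorized_keys'
    )

    # A .pub file holds one line: "<key-type> <base64-blob> [comment]".
    $key = Get-Content -LiteralPath $PublicKeyPath |
        Where-Object { $_.Trim() } | Select-Object -First 1
    if (-not $key) { throw "No key found in $PublicKeyPath" }
    $fields = $key.Trim() -split '\s+'
    if ($fields.Count -lt 2 -or $fields[0] -notmatch '^(ssh-|ecdsa-|sk-)') {
        throw "Not an OpenSSH public key: $PublicKeyPath"
    }

    # Keep every key already authorized; a missing file just means no keys yet.
    $existing = @()
    if (Test-Path -LiteralPath $AuthorizedKeys) {
        $existing = @(Get-Content -LiteralPath $AuthorizedKeys | Where-Object { $_.Trim() })
    }

    # Match on the base64 blob so a different comment does not add a duplicate.
    if ($existing | Where-Object { $_.Contains($fields[1]) }) {
        return $false
    }

    # Write the old lines plus the new one, one key per line, so a missing
    # trailing newline in the old file cannot merge two keys into one line.
    Set-Content -LiteralPath $AuthorizedKeys -Value ($existing + $key.Trim()) -Encoding ascii

    # Same ACL as the page's icacls command: only Administrators and SYSTEM.
    icacls.exe $AuthorizedKeys /inheritance:r /grant 'Administrators:F' /grant 'SYSTEM:F' | Out-Null
    return $true
}

# Constructed path: a second client's public key already copied to the server.
# Add-AdminAuthorizedKey -PublicKeyPath 'C:\Temp\client2_id_rsa.pub'
```

The function returns $true when a key was added and $false when that key was already authorized.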
Setting up the connection in Windows Terminal
Edit the Windows Terminal configuration file settings.json and add the following entry to the list under profiles:
{
    "name": "server",
    "commandline": "ssh server",
    // "colorScheme": "One Half Dark",
    // "useAcrylic": true
},



