Introduction
The integration of SSH with Windows represents a significant advancement for system administrators working in cross-platform environments. Microsoft’s goal has been to tightly integrate the open source Secure Shell (SSH) protocol with Windows and PowerShell, enabling two-way remote management between Linux and Windows systems. This approach provides administrators with a unified method for managing diverse environments, from Windows servers to Linux machines, network devices, and cloud infrastructure.
SSH is the standard remoting tool for Linux, and Microsoft has added native support for it on clients running Windows 10 build 1809 or newer and Windows Server 2019 or newer. Starting with Windows Server 2025, OpenSSH now comes pre-installed, further simplifying deployment in enterprise environments. This evolution highlights Microsoft’s commitment to embracing open standards and fostering cross-platform compatibility.
Problem Definition
Traditionally, PowerShell remoting relied on Windows Remote Management (WinRM) using the WS-Management protocol. WinRM handles remote connection negotiation and data transport through SOAP (Simple Object Access Protocol) and takes advantage of firewall-friendly HTTP (TCP port 5985) or HTTPS (TCP port 5986) protocols. While effective within Windows environments, this approach presents challenges when working with non-Windows systems or in scenarios without Active Directory.
Managing systems without Active Directory using WinRM requires configuring trusted hosts and setting up PowerShell remoting for HTTPS, as the default HTTP protocol is not secure outside a domain. This process can be complex and requires managing SSL/TLS certificates. Additionally, WinRM is not natively supported in .NET Core, which powers PowerShell Core (now simply known as PowerShell 7+), limiting cross-platform remoting capabilities.
The need for a universal, secure, and platform-agnostic remoting protocol has become increasingly important as organizations adopt hybrid infrastructure models spanning on-premises Windows servers, Linux systems, and cloud platforms.
Solution Options
Installing OpenSSH on Windows
There are several methods to install OpenSSH on Windows, depending on your operating system version:
For Windows 10 (build 1809 or later) and Windows Server 2019/2022/2025:
OpenSSH is available as an optional feature that can be installed directly through Windows. Starting with Windows Server 2025, OpenSSH is now installed by default.
To check if OpenSSH is already installed and install it if needed:
# Check if OpenSSH is installed
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
# Install OpenSSH Client (if needed)
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
# Install OpenSSH Server (if needed)
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
For older Windows versions:
For systems running older versions of Windows, you can download OpenSSH from GitHub or use package managers like Chocolatey for installation.
Using Chocolatey is recommended for simplicity as it automates several necessary tasks.
Configuring OpenSSH Server
After installation, the SSH server needs to be configured to work with PowerShell remoting:
- Start and configure the SSH service:
# Start the SSH service
Start-Service sshd
# Set the service to start automatically
Set-Service -Name sshd -StartupType 'Automatic'
# Verify the firewall rule is configured
Get-NetFirewallRule -Name *ssh*
- Configure PowerShell as a subsystem:
Edit the sshd_config file located at $Env:ProgramData\ssh to add PowerShell as a subsystem.
Add the following line to the file:
Subsystem powershell C:/progra~1/PowerShell/7/pwsh.exe -NoProfile -sshs
Starting in PowerShell 7.4, you no longer need to use the -NoLogo parameter when running PowerShell in SSH server mode.
- Restart the SSH service to apply changes:
Restart-Service sshd
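The subsystem step above can be scripted so that it is safe to re-run. This is an added example, not code from the original article: it assumes PowerShell 7 is installed at C:\Program Files\PowerShell\7, that sshd.exe is in %SystemRoot%\System32\OpenSSH, and that the script runs elevated.

```powershell
#Requires -RunAsAdministrator
# Added example: register pwsh.exe as an SSH subsystem, validate, then restart.
$configPath = Join-Path $env:ProgramData 'ssh\sshd_config'
$pwshPath   = 'C:\Program Files\PowerShell\7\pwsh.exe'   # assumed install location
$sshdExe    = Join-Path $env:SystemRoot 'System32\OpenSSH\sshd.exe'   # assumed location

if (-not (Test-Path $pwshPath)) { throw "pwsh.exe not found at $pwshPath" }

# Resolve the 8.3 short path so the Subsystem line contains no spaces.
$fso       = New-Object -ComObject Scripting.FileSystemObject
$shortPath = $fso.GetFile($pwshPath).ShortPath -replace '\\', '/'
if ($shortPath -match '\s') { throw 'No 8.3 short name available for this path.' }
$subsystem = "Subsystem powershell $shortPath -NoProfile -sshs"

$lines = @(Get-Content -Path $configPath)
if ($lines -match '^\s*Subsystem\s+powershell\s') {
    Write-Output 'A powershell subsystem is already configured; nothing to do.'
    return
}

# Subsystem is a global directive and is rejected inside a Match block, so
# insert it before the first Match line instead of appending to the file.
$matchIndex = -1
for ($i = 0; $i -lt $lines.Count; $i++) {
    if ($lines[$i] -match '^\s*Match\s') { $matchIndex = $i; break }
}
if ($matchIndex -gt 0) {
    $new = @($lines[0..($matchIndex - 1)]) + $subsystem + '' +
           @($lines[$matchIndex..($lines.Count - 1)])
} elseif ($matchIndex -eq 0) {
    $new = @($subsystem, '') + $lines
} else {
    $new = $lines + $subsystem
}

Copy-Item -Path $configPath -Destination "$configPath.bak" -Force
Set-Content -Path $configPath -Value $new -Encoding ascii

# Validate before restarting: sshd will not start on a config it cannot parse.
& $sshdExe -t
if ($LASTEXITCODE -ne 0) {
    Copy-Item -Path "$configPath.bak" -Destination $configPath -Force
    throw 'sshd rejected the new configuration; the original file was restored.'
}
Restart-Service sshd
```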
Using PowerShell Remoting Over SSH
PowerShell 7+ includes enhanced cmdlets that support SSH as a transport protocol:
You can use PowerShell remoting cmdlets such as Enter-PSSession and Invoke-Command from a PowerShell 7 console via SSH. The key difference is using the -HostName parameter instead of -ComputerName to specify SSH as the transport protocol.
# Connect to a remote session using SSH
Enter-PSSession -HostName server.example.com -UserName username
# Run commands remotely using SSH
Invoke-Command -HostName server.example.com -UserName username -ScriptBlock { Get-Process }
For added security, you can configure SSH to use key-based authentication instead of passwords:
# Create an SSH key pair
ssh-keygen -t rsa -b 4096
# Copy your public key to the remote server
# (ssh-copy-id ships with OpenSSH on Linux and macOS, not with the Windows OpenSSH client)
ssh-copy-id username@server.example.com
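When the target is a Windows OpenSSH server, the public key has to be placed by hand, and the location depends on whether the account is in the local Administrators group. The function below is an added example, not code from the original article; its name, the -Administrator switch, the C:\Users profile path and the sample key path are assumptions, and it is meant to run in an elevated session on the server.

```powershell
#Requires -RunAsAdministrator
function Install-SshPublicKey {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $PublicKey,
        [Parameter(Mandatory)] [string] $UserName,
        [switch] $Administrator   # set when the account is a local administrator
    )
    $key = $PublicKey.Trim()
    # Accept exactly one well-formed public key line, never a private key or a file dump.
    $pattern = '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
    if ($key -notmatch $pattern) { throw 'Input is not a single OpenSSH public key line.' }

    if ($Administrator) {
        # The default Windows sshd_config sends administrators to this shared file.
        $target = Join-Path $env:ProgramData 'ssh\administrators_authorized_keys'
    } else {
        $target = Join-Path "C:\Users\$UserName" '.ssh\authorized_keys'   # assumed profile path
    }

    $dir = Split-Path $target -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Append only if the key is not already present, so re-runs do not duplicate it.
    $existing = if (Test-Path $target) { @(Get-Content -Path $target) } else { @() }
    if ($existing -notcontains $key) {
        Add-Content -Path $target -Value $key -Encoding ascii
    }

    if ($Administrator) {
        # sshd ignores this file unless access is limited to Administrators and SYSTEM.
        # Well-known SIDs are used so the command also works on localized Windows.
        icacls.exe $target /inheritance:r /grant '*S-1-5-32-544:F' /grant '*S-1-5-18:F' | Out-Null
    }
    return $target
}

# Constructed usage: the key file path is a placeholder.
Install-SshPublicKey -PublicKey (Get-Content 'C:\Temp\id_rsa.pub' -Raw) -UserName 'username' -Administrator
```

Once key-based login is confirmed to work, setting `PasswordAuthentication no` in sshd_config and restarting sshd removes the password fallback.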
Automating Management
The ability to use PowerShell over SSH opens up new possibilities for automation in cross-platform environments:
- Configuration Management Tools: If you’re introducing Windows into a Linux environment where your configuration management tool, such as Ansible, is already configured for SSH, you can continue using your existing automation infrastructure. Ansible now supports managing Windows over SSH, although it is considered experimental at this stage.
- Scheduled Tasks and Scripts: Create scheduled tasks that use PowerShell remoting over SSH to manage systems across your infrastructure, regardless of operating system.
- CI/CD Pipelines: Integrate SSH-based PowerShell remoting into your deployment pipelines for consistent application and configuration deployment across heterogeneous environments.
- PowerShell Modules: The Microsoft.PowerShell.RemotingTools module provides additional functionality to simplify SSH remoting configuration:
# Install the RemotingTools module
Install-Module Microsoft.PowerShell.RemotingTools
# Enable SSH remoting with a single command
Enable-SSHRemoting
Conclusion
PowerShell remoting over SSH represents a significant advancement in Microsoft’s cross-platform strategy. SSH is likely to become the remoting protocol of choice for Windows users and part of the future direction of all Microsoft applications. The native integration of OpenSSH with Windows and PowerShell provides administrators with a unified, secure method for managing diverse IT environments.
While WinRM still offers certain advantages within pure Windows environments, such as Just Enough Administration (JEA) and custom session configurations, SSH provides a more universal approach that works seamlessly across operating systems. As organizations continue to adopt hybrid infrastructure models, the ability to use a common remoting protocol becomes increasingly valuable.
The evolution of OpenSSH support in Windows—from a manual installation process to being included by default in Windows Server 2025—demonstrates Microsoft’s commitment to embracing open standards and supporting heterogeneous environments.
We Can Assist
Need help implementing PowerShell remoting over SSH in your environment? Have questions about specific configurations or automation scenarios? Contact us for personalized assistance tailored to your organization’s needs. Our team of Microsoft-certified experts can help you design and implement a secure, efficient remote management solution that leverages the full potential of PowerShell and OpenSSH.