@MuhammadQuran17
Last active December 30, 2025 13:44
Connect to Windows SSH server

I got all this from https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell&pivots=windows-11

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

# Start the SSH service
Start-Service sshd

# Set it to start automatically on boot
Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

# Create the .ssh directory if it doesn't exist
if (!(Test-Path "$HOME\.ssh")) { New-Item -ItemType Directory -Path "$HOME\.ssh" }

# Create the authorized_keys file
if (!(Test-Path "$HOME\.ssh\authorized_keys")) { New-Item -ItemType File -Path "$HOME\.ssh\authorized_keys" }

  1. Create the key pair in Ubuntu Linux
# Generate the key (-N "" sets an empty passphrase, so the key is passwordless and nothing is prompted)
ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
  2. Copy the Public Key to Windows

Now, you need to copy the content of the .pub file from your Docker container into the authorized_keys file on Windows.

Inside the Docker container, run: cat ~/.ssh/id_rsa.pub

Copy the long string of text that starts with ssh-rsa.

On Windows, open C:\Users\YourUsername\.ssh\authorized_keys with Notepad and paste the string on a new line.

  3. Final Permission Fix (Crucial for Windows)

Windows OpenSSH is very strict about permissions. If the authorized_keys file is "too open," it will ignore it. Run this in PowerShell to fix permissions:

$path = "$HOME\.ssh\authorized_keys"
# Disable inheritance
icacls.exe $path /inheritance:r
# Give your user full control
icacls.exe $path /grant "${env:username}:F"
# Ensure the SYSTEM account has access (required by SSH service)
icacls.exe $path /grant "SYSTEM:F"
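
To confirm the result of the permission fix above, this added example (not part of the original gist or the Microsoft guide) audits the ACL on the file. It assumes that only the current user, SYSTEM and Administrators should own the file or hold Allow entries on it; the function name Test-AuthorizedKeysAcl is hypothetical.

```powershell
# Added example: audit the ACL on authorized_keys after the icacls fix.
# Assumption: only the current user, SYSTEM and Administrators may own the
# file or hold Allow entries on it. Test-AuthorizedKeysAcl is a made-up name.
function Test-AuthorizedKeysAcl {
    param(
        [string]$Path = "$HOME\.ssh\authorized_keys"
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Compare by SID so the check also works on non-English Windows.
    $allowedSids = @(
        [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value,  # current user
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )

    $acl = Get-Acl -LiteralPath $Path
    $findings = @()

    # icacls /inheritance:r should have turned inheritance off.
    if (-not $acl.AreAccessRulesProtected) {
        $findings += 'Inheritance is still enabled on the file.'
    }

    # The owner must be one of the expected principals.
    $ownerSid = $acl.GetOwner($sidType).Value
    if ($allowedSids -notcontains $ownerSid) {
        $findings += "Unexpected owner: $ownerSid"
    }

    # Every Allow entry (explicit or inherited) must belong to an expected principal.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($allowedSids -notcontains $sid) {
            $findings += "Unexpected Allow entry: $sid ($($rule.FileSystemRights))"
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Ok       = ($findings.Count -eq 0)
        Findings = $findings
    }
}

Test-AuthorizedKeysAcl | Format-List
```

If Ok is False, the Findings list names the entries to remove before sshd will use the file.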

Open the file: C:\ProgramData\ssh\sshd_config.

Scroll to the very bottom and look for these two lines:

Match Group administrators
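    AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Comment them out by adding a # at the start of each line. Otherwise, accounts in the Administrators group are checked against that shared file instead of the $HOME\.ssh\authorized_keys file prepared above.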

Set PowerShell as the Default SSH Shell

By default, SSH might open cmd.exe. To ensure it opens PowerShell so your scripts work correctly, run this in the same Admin PowerShell:

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Restart SSH in Windows

Restart-Service sshd

Test the Connection

Inside your PHP container, try to connect. The first time, it will ask if you trust the host; type "yes":

ssh -o StrictHostKeyChecking=no your_windows_username@host.docker.internal

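-o StrictHostKeyChecking=no is optional: with it, ssh accepts the host key without asking. Leave it out to get the trust prompt and check the fingerprint before typing "yes".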

Since Docker containers are ephemeral (they reset when recreated), your SSH keys inside the container will disappear if you rebuild the container. To prevent this, mount a volume for the SSH folder in your docker-compose.yml:

services:
  php:
    volumes:
      - ./docker-data/ssh:/root/.ssh  # Persists your keys on the host disk across rebuilds; keep this folder out of version control

If you need to change directory to a WSL Linux folder, it does not work at first due to some bug. First run wsl -e echo 1 to activate WSL in your SSH session; after that you can cd \\wsl.localhost\Ubuntu\home\username\......