Goal
Connect from Server A to Server B using SSH — first with a password, then upgraded to secure passwordless key login.
Step 1 — On Server B (the one you’re connecting INTO): Install & Start SSH
Open PowerShell as Administrator and run:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Set-Service -Name sshd -StartupType 'Automatic'
Start-Service sshd
Set-NetConnectionProfile -NetworkCategory Private
What this does:
- Installs the OpenSSH Server component
- Sets it to start automatically on every reboot
- Starts it right now
- Sets the network to “Private” so firewall rules apply correctly
Verify it’s running:
Get-Service sshd
You should see Running.
Note: Installing the OpenSSH capability auto-creates the firewall rule for port 22. You normally don’t need to create it manually.
Step 2 — On Server A (the one you’re connecting FROM): Test the Connection
ssh administrator@<Server-B-IP>
- Type
yesto trust the host fingerprint (first time only) - Enter the password when prompted
If you land inside Server B — basic SSH access works.
Step 3 — Critical Check: Which Shell Are You In?
Once connected, look closely at your prompt:
| Prompt | Shell | Action |
|---|---|---|
PS C:\Users\Administrator> | PowerShell | Continue normally |
C:\Users\Administrator> (no “PS”) | cmd.exe | Type powershell and press Enter first |
Most setup errors happen because commands like Set-Content, Get-Acl, New-Item do not work in cmd.exe — only in PowerShell.
Permanent fix (optional): run this once on Server B so SSH always drops you into PowerShell:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force
Step 4 — On Server A: Generate an SSH Key (for passwordless login)
Run this locally on Server A — not while SSH’d into anything:
ssh-keygen -t ed25519
type "$env:USERPROFILE\.ssh\id_ed25519.pub"
📋 Copy the full output line (starts with ssh-ed25519 ...).
Step 5 — On Server B: Add Server A’s Key
SSH into Server B, confirm you’re in real PowerShell (Step 3), then run:
$AuthFile = "C:\ProgramData\ssh\administrators_authorized_keys"
$PublicKey = "PASTE-YOUR-COPIED-KEY-HERE"
New-Item -ItemType Directory -Path "C:\ProgramData\ssh" -Force | Out-Null
Set-Content -Path $AuthFile -Value $PublicKey -Encoding Ascii
$Acl = Get-Acl -Path $AuthFile
$Acl.SetAccessRuleProtection($true, $false)
$Acl.SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM","FullControl","Allow")))
$Acl.SetAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators","FullControl","Allow")))
Set-Acl -Path $AuthFile -AclObject $Acl
Why this exact file/path: administrators_authorized_keys is the special key file used only when logging in as an Administrator account. It must be placed in C:\ProgramData\ssh\, and the ACL step is required — without it, Windows silently rejects the key.
Then type exit to return to Server A.
Step 6 — Final Test
From Server A:
ssh administrator@<Server-B-IP>
Success = it logs in immediately, with no password prompt.
Quick Troubleshooting Reference
| Problem | Cause | Fix |
|---|---|---|
Connection timed out | Firewall/network profile blocking | Run Set-NetConnectionProfile -NetworkCategory Private on server |
'X' is not recognized... errors | You’re in cmd.exe, not PowerShell | Type powershell after SSHing in |
Permission denied after key setup | ACL not applied correctly, or wrong key pasted | Re-run Step 5 carefully, confirm exact key string |
Service sshd was not found | OpenSSH Server not installed yet | Run Step 1 first |
One-Line Summary
- Server B: install + start SSH.
- Server A: generate key.
- Server A → Server B: test password login.
- Inside session: confirm PowerShell (not cmd).
- Server B: add Server A’s public key + fix ACL.
- Server A → Server B: confirm passwordless login works.