OpenSSH on Windows

Install native Windows (10+) client

1. To install OpenSSH, follow the steps below:

   • Go to "Settings" > "Apps" > "Apps and Features" > "Optional Features".

   • Scan this list to see if OpenSSH client is already installed.

   • If not, at the top of the page select "Add a feature", then locate "OpenSSH Client" and click "Install".

   • At the end you will have well-known ssh utilities: ssh, scp etc.

Open

 

Open

Generate a ssh key pair

1. Run Windows PowerShell either via "Start menu" or "Run command" dialog (Win + R key stroke)

2. You should generate a ssh private key of "Ed25519" type or you will encounter this serious bug . Run the following commands:

   • Create .ssh directory: mkdir $HOME/.ssh

   • Generate a private key (replace "test-key" by choosen filename and "username@physics.mcgill.ca" by your email address): ssh-keygen -t ed25519 -f "$HOME/.ssh/test-key" -C "username@physics.mcgill.ca"

   • Enter the choosen passpharse when you will be prompted for it. Do not set a blank passphrase!

3. Now it is time to add the new ssh public key to your physics account (replace "test-key" by the name of your key).

   • If you are using a Department computer: bring the file $HOME/.ssh/test-key.pub on a usb stick and run

     test -d ~/.ssh || mkdir ~/.ssh; chmod 0700 ~/.ssh; cat /path/to/test-key.pub >> ~/.ssh/authorized_keys.

   • If you are working remotely: send the file $HOME/.ssh/test-key.pub to science.it@mcgill.ca.

4. Test the connection with your new key.

   • Create the file $HOME/.ssh/config: Write-Output "" | Out-File -Encoding "ASCII" $HOME/.ssh/config, and open it: notepad $HOME/.ssh/config

   • Add the following content to this file (replace “*.meteo.mcgill.ca” with “*.physics.mcgill.ca“ or “*.cs.mcgill.ca“ depending on your department, "test-key" by the name of your key and "username" by your physics/aos/cs username):

     Host *.meteo.mcgill.ca User username PreferredAuthentications publickey,password IdentityFile ~/.ssh/test-key IdentitiesOnly yes AddKeysToAgent yes ForwardAgent yes HashKnownHosts yes Compression yes Port 22 Protocol 2 ServerAliveInterval 60 ServerAliveCountMax 10

   • Save and close this file

   • Connect to one of our department jumphosts :

     ssh zephyr.meteo.mcgill.ca

   • You will be prompted for the passphrase of your ssh private key

Use ssh-agent service

1. SSH agent allows a user to enter a passphrase for unlocking various SSH keys once at the start of a session.

2. Lets configure ssh-agent service.

   • Run Windows PowerShell with elevated privileges: find it in "Start Menu", then right-click on the icon and select "Run as Administrator"

   • Check is service running: Get-Service ssh-agent

   • Enable it: Set-Service ssh-agent -StartupType Automatic

   • Start the service: Start-Service ssh-agent

   • Check it again: Get-Service ssh-agent

   • Close the PowerShell session with elevated privileges

3. Now it is time to add your ssh private key to ssh-agent. You should do it only once, Windows will unlock ssh keys upon logon.

   • Check ssh-agent for loaded keys: ssh-add -l

   • Add your key to ssh-agent (replace "test-key" by the name of your key): ssh-add $HOME/.ssh/test-key

   • You will be prompted for the passphrase of your ssh private key

   • Check ssh-agent again: ssh-add -l

   • Now you should be connected to choosen portal without any prompts: ssh zephyr.meteo.mcgill.ca

Useful Links:

1. OpenSSH for Windows installation

2. OpenSSH for Windows key management

3. OpenSSH documenation