# Windows Server 2022 Jumpbox

### I. Install OpenSSH

1. On the Windows server, open Settings and go to Apps.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FEdzA5pVnD8T2Ya72WxUk%2Fimage.png?alt=media&#x26;token=4e8b3fbc-254d-4fe7-9cec-21bf2d3c76e6" alt=""><figcaption></figcaption></figure>
2. Go to Optional Features.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FmXcFKEa5xf2hYPev7vDZ%2Fimage.png?alt=media&#x26;token=d5c6aec4-7afd-4a23-9193-149291379430" alt=""><figcaption></figcaption></figure>
3. Install OpenSSH Server.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FVykRu2rMJR33beLJ7DJo%2Fimage.png?alt=media&#x26;token=53d6661a-80f8-4a3c-a1a8-22d2460d0504" alt=""><figcaption></figcaption></figure>

### II. Switch On OpenSSH Server

1. Open the Computer Management application.
2. Go into Services and Applications > Services.
3. Click on OpenSSH Server.
4. Set Startup type to Automatic and click on Start.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FmoGI3fOD08R1oFm9Ug8A%2Fimage.png?alt=media&#x26;token=04b401dd-4c62-4a05-af23-764e500c583e" alt=""><figcaption></figcaption></figure>
5. Keep this window open; we will come back to it soon.

### III. Set Up OpenSSH Server

1. Open a terminal with the **Administrator role**.
2. Open the OpenSSH Server config file by running:\
   `notepad "C:\ProgramData\ssh\sshd_config"`
3. Uncomment PubkeyAuthentication.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2Fw53vMu6TDZslNe1msSpQ%2Fimage.png?alt=media&#x26;token=74b65fc0-36dc-4edf-91cc-981e7cab8d8a" alt=""><figcaption></figcaption></figure>
4. Uncomment PasswordAuthentication and set it to no.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2Ft31L3xVV4Uyw2B2YjXwU%2Fimage.png?alt=media&#x26;token=55b65eab-0ef2-4d70-b624-f26d563f38d9" alt=""><figcaption></figcaption></figure>
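5. Comment out the last 2 lines of the file (the `Match Group administrators` block). While that block is active, sshd reads the keys of users in the Administrators group from `administrators_authorized_keys` in `C:\ProgramData\ssh` instead of from the user's own `.ssh\authorized_keys` file.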

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FCjxO5QXw1VhS87Qxrp8u%2Fimage.png?alt=media&#x26;token=cdc45cf8-5cef-4d0b-97cb-71123dd86d3d" alt=""><figcaption></figcaption></figure>
6. Save and quit the file. If you cannot save, you most certainly did not open the terminal as an Administrator. In that case, open a new terminal with Administrator rights and redo the configuration changes from this section.
7. In the Computer Management window, restart the OpenSSH Server.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2F9SukvQnW2IIqd9BWNiYi%2Fimage.png?alt=media&#x26;token=639808ac-e110-4b7d-94dc-cba146a1b249" alt=""><figcaption></figcaption></figure>
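
A check of the edits from steps 3 to 5, as an added example that is not part of the original guide. The function name `Get-SshdAuthSettings` is hypothetical and both sample configs are constructed; on the server, pass it `Get-Content "C:\ProgramData\ssh\sshd_config"` instead.

```powershell
function Get-SshdAuthSettings {
    param([string[]]$Lines)
    $settings = @{}      # global directives; sshd keeps the first value it reads
    $matchBlocks = @()   # Match blocks that are still active (not commented out)
    $inMatch = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        $key, $value = $line -split '\s+', 2
        if ($key -ieq 'Match') { $inMatch = $true; $matchBlocks += $value; continue }
        $key = $key.ToLowerInvariant()
        if (-not $inMatch -and -not $settings.ContainsKey($key)) { $settings[$key] = $value }
    }
    # Both directives default to "yes" when they are absent or left commented out.
    $pubkey = if ($settings.ContainsKey('pubkeyauthentication')) { $settings['pubkeyauthentication'] } else { 'yes' }
    $password = if ($settings.ContainsKey('passwordauthentication')) { $settings['passwordauthentication'] } else { 'yes' }
    $adminBlock = [bool]($matchBlocks -match '^Group\s+administrators')
    [pscustomobject]@{
        PubkeyAuthentication   = $pubkey
        PasswordAuthentication = $password
        AdminMatchBlockActive  = $adminBlock
        MatchesThisGuide       = ($pubkey -eq 'yes') -and ($password -eq 'no') -and (-not $adminBlock)
    }
}

# Constructed sample: nothing edited yet, so password logins are still allowed.
$before = @(
    '#PubkeyAuthentication yes',
    '#PasswordAuthentication yes',
    'Match Group administrators',
    '       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys'
)
# Constructed sample: the same lines after steps 3 to 5.
$after = @(
    'PubkeyAuthentication yes',
    'PasswordAuthentication no',
    '#Match Group administrators',
    '#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys'
)

Get-SshdAuthSettings $before
Get-SshdAuthSettings $after
```

The function reads the file only, so the running service matches the result only after the restart in step 7.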

### IV. Upload the Public SSH key of the server you want to connect from

1. Go to Users, then open the folder associated with the Windows user you want to connect to.
2. Create a new folder `.ssh`.

   <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FMaQSy3Nzi5WSlj7qYtrC%2Fimage.png?alt=media&#x26;token=ed4e29b1-4d1c-4ba6-afec-51ffc1257c0d" alt=""><figcaption></figcaption></figure>
3. In this newly created folder, create an empty text file `authorized_keys`.
4. By default, text files are created with a `.txt` extension, which we need to remove.
   1. Click View in the header bar.
   2. Tick the checkbox `File name extensions`.

      <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FSX71Eo6r52m9XJoRJLdP%2Fimage.png?alt=media&#x26;token=acd5dac2-7ae6-468a-907d-d42cd59e9656" alt=""><figcaption></figcaption></figure>
   3. The `.txt` file extension should now be visible.

      <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FAVwtEvJVIhWuKGkzMf7l%2Fimage.png?alt=media&#x26;token=d3dad428-7d34-42b3-b28e-ea6a4ab5f707" alt=""><figcaption></figcaption></figure>
   4. Rename the file to remove the file extension. You can safely ignore the warning.

      <figure><img src="https://2867423571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfJjIdV9cuW6K8asJjTPJ%2Fuploads%2FOCz3u4PNEIVubLKVpNKn%2Fimage.png?alt=media&#x26;token=da4d9eeb-9f07-4681-8ec6-44d1bf881e8d" alt=""><figcaption></figcaption></figure>
5. Paste into `authorized_keys` the **PUBLIC** SSH key of the server that you want to grant access to the Windows server we are currently configuring. The public key is of the form: `ssh-<encryption_algorithm> <key>`.
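
Steps 2 to 5 done from PowerShell instead of Explorer, as an added example that is not part of the original guide. The function names `Test-SshPublicKeyLine` and `Add-AuthorizedKey` are hypothetical, the sample key is constructed, and the demo writes to a scratch folder rather than a real user profile.

```powershell
function Test-SshPublicKeyLine {
    param([string]$Line)
    # A private key is a multi-line PEM block and must never be put on the server.
    if ($Line -match 'PRIVATE KEY') { return $false }
    $fields = @($Line.Trim() -split '\s+')
    if ($fields.Count -lt 2) { return $false }
    try { $blob = [Convert]::FromBase64String($fields[1]) } catch { return $false }
    if ($blob.Length -lt 4) { return $false }
    # The decoded key starts with a 4-byte big-endian length, then the key type name.
    $len = ([int]$blob[0] -shl 24) -bor ([int]$blob[1] -shl 16) -bor ([int]$blob[2] -shl 8) -bor [int]$blob[3]
    if ($len -le 0 -or $len -gt ($blob.Length - 4)) { return $false }
    $embedded = [Text.Encoding]::ASCII.GetString($blob, 4, $len)
    return ($embedded -ceq $fields[0])
}

function Add-AuthorizedKey {
    param([string]$ProfileDir, [string]$KeyLine)
    if (-not (Test-SshPublicKeyLine $KeyLine)) { throw 'Not a single-line SSH public key.' }
    $sshDir = Join-Path $ProfileDir '.ssh'
    $file = Join-Path $sshDir 'authorized_keys'    # exact name, no .txt extension
    New-Item -ItemType Directory -Path $sshDir -Force | Out-Null
    # Plain ASCII, one key per line (the '>' redirect in Windows PowerShell writes UTF-16).
    Add-Content -Path $file -Value $KeyLine.Trim() -Encoding ascii
    return $file
}

# Constructed sample in the ssh-ed25519 layout (32 zero bytes, not a usable key).
[byte[]]$blob = [byte[]](0,0,0,11) + [Text.Encoding]::ASCII.GetBytes('ssh-ed25519') +
                [byte[]](0,0,0,32) + (New-Object byte[] 32)
$sample = 'ssh-ed25519 ' + [Convert]::ToBase64String($blob) + ' constructed@example'

# Demo target is a scratch folder; on the jumpbox, pass the user's folder under Users.
$demoProfile = Join-Path $env:TEMP 'jumpbox-demo'
Test-SshPublicKeyLine '-----BEGIN PRIVATE KEY-----'
Test-SshPublicKeyLine $sample
Add-AuthorizedKey -ProfileDir $demoProfile -KeyLine $sample
```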

### V. Test

Try connecting through SSH to the Windows instance we just set up:

```
ssh -i <path_to_ssh_private_key_of_client> <ssh_user>@<windows_server_public_ip>
```

where:

* `-i <path_to_ssh_private_key_of_client>`: Specifies the private key file for authentication of the client, not of the Windows machine. The private key file should be readable and writable only by its owner and should be of the form:

```
-----BEGIN PRIVATE KEY-----
          ...
          ...
-----END PRIVATE KEY-----
```

* `<ssh_user>`: The Windows user for which you uploaded the client public key. In the screenshots above it is 'alexis'.
* `<windows_server_public_ip>`: The public IP address of the Windows server.

You should now be able to access this Windows server through SSH :tada:\
If you are blocked or have any questions, feel free to reach out to us at <hello@stacksync.com>. We're happy to help!

### Troubleshooting of common errors

{% hint style="info" %}
Permissions 0644 for `<path_to_ssh_private_key_of_client>` are too open. It is required that your private key files are NOT accessible by others. This private key will be ignored.

-> Only the owner of the file should be able to read and write it.\
Run this: `chmod 600 <path_to_ssh_private_key_of_client>`
{% endhint %}

{% hint style="info" %}
'export' is not recognized as an internal or external command, operable program or batch file.\
-> This error comes from your client terminal; try using the default terminal of the client machine. It typically happens when using Warp as the terminal.
{% endhint %}

{% hint style="info" %}
Permission denied (publickey,keyboard-interactive).

-> You most certainly missed one of the above steps of this tutorial, or the public SSH key uploaded on the Windows server does not correspond to the private SSH key of the client.
{% endhint %}

{% hint style="info" %}
timeout error

-> The Windows server is not accepting connections from the client IP on the port you are trying to connect to (the default SSH port is 22). Make sure you whitelisted the client IP.
{% endhint %}
