SSH into your Windows Machine

· Vodka Rat - 伏特加鼠

A painful procedure for accessing your Windows machine

Why? #

I daily drive a Debian Laptop and want to use the integrated graphics card on my old gaming laptop for ML projects. The fight to get this working was a tough one. Here is a quick guide on what I did. This is only a very basic guide and is only meant for users accessing from within their local subnet (or using wireguard or something similar to simulate being on the local netowrk).

Your local connection #

First ensure the network you are connected to has the private profile type, this is accessible through WiFi settings.

Can I access my Windows machine? #

If you cannot ping your machine, change the firewall rules in powershell.

1Set-NetFirewallRule -Name "CoreNet-Diag-ICMP4-EchoRequest-In" -Enabled True -RemoteAddress LocalSubnet

You can verify (and view all other ICMP firewall rules) using:

1Get-NetFirewallRule -DisplayName "*ICMP*" | Format-Table Name, Enabled, Action, @{Name="RemoteAddress"; Expr={$_.RemoteAddress}}

Enable SSH #

Next, download the OpenSSH Server feature. You can dowload this using "Optional features" in settings, or by using the powershell command:

1Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
2Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

You can now start the SSH daemon

1Start-Service sshd

To make it automatically run on startup:

1Set-Service -Name sshd -StartupType Automatic

Pubkey authentication #

Start by enabling PubKeyAuthentication in sshd_config:

1notepad C:\ProgramData\ssh\sshd_config

Set the PubKeyAuthentication line to:

PubKeyAuthentication yes

Your keys #

From here, I'm going to assume that your account has admin privileges, I'll cover basic users later on.

Create the administrators_authorized_keys file using this command:

1New-Item -ItemType File -Force C:\ProgramData\ssh\administrators_authorized_keys

Then use notepad to copy and paste the public key you intend to use. Creating the file using notepad seems to throw errors so be sure to use the above command.

Next, add the necessary access permissions:

1icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
2icacls C:\ProgramData\ssh\administrators_authorized_keys /grant "Administrators:F" /grant "SYSTEM:F"

Restart the sshd, and you should be done.

1Restart-Service sshd

Not an admin account #

Haven't tested this route and don't intend to. At this scale you will find most benefit from just setting your account to an admin profile.

Otherwise, add your keys to your user's \.ssh directory and then grant permissions.

1notepad C:\Users\<username>\.ssh\authorized_keys
2icacls C:\Users\<username>\.ssh /inheritance:r
3icacls C:\Users\<username>\.ssh /grant <username>:(OI)(CI)F
4icacls C:\Users\<username>\.ssh\authorized_keys /inheritance:r
5icacls C:\Users\<username>\.ssh\authorized_keys /grant <username>:F

Hope this helps.

last updated:

拜拜