Windows 2019 OpenSSH Jump Server - Account Setup


With the availability of OpenSSH on Windows 2019 it may be preferable to lock down the amount of access an account has to perform certain tasks.  This article will cover the minimum permissions required for a windows 2019 jump server with the Winsshd type connection so you can utilise the following modules:

  • SovLabs Active Directory
  • SovLabs Microsoft DNS
  • SovLabs Microsoft IPAM


  • Have licensed and up to date SovLabs modules
  • Have installed RSAT tools on your jump server
  • Have installed and configured OpenSSH on your jump server
  • Have installed IPAM client (if required) and configured on your jump server
  • Have configured an account for use (preferred an Active Directory account)
  • Have firewall rules open between vRA/vRO and your Jump server to allow SSH to function


Local temp folder permissions (Applies to AD/DNS/IPAM)

  1. On your jump server, your service account will need to have modify permissions on your temporary folder (In this example the folder is c:\Sovlabs)
    NOTE: We recommend creating a separate folder for the temporary storage of Powershell scripts that are copied across for utilization.

No other permissions are required on your jump server apart from access to the temporary folder.  All other permissions required are for your Microsoft AD, Microsoft DNS and Microsoft IPAM.  Please see additional information for links to articles relating to these configurations

Additional information

Setup Open SSH on a Windows 2019 Server :
Setting up RSAT tools :
Active Directory Account Setup :
Microsoft DNS Account Setup :
Microsoft IPAM Account Setup :
vRO Telnet Test :

Have more questions? Submit a request


Please sign in to leave a comment.