Microsoft IPAM/DNS/AD - Set up OpenSSH on Windows 2019 with Sovlabs Microsoft Endpoint


Microsoft has released built in support for OpenSSH Server with Windows Server 2019. SovLabs now supports OpenSSH connections for use with Microsoft Endpoints used by the following SovLabs plugin integrations:

  • Microsoft AD
  • Microsoft IPAM
  • Microsoft DNS


This How-To will reference support documentation provided by Microsoft via ( as well as use-case studies found from SovLabs Internal test cases.

Please consider additional security considerations after enabling OpenSSH on Windows by navigate to


Install OpenSSH Server via Powershell

  1. Connect to the target Windows Server 2019 environment and run the below commands
  2. Launch PowerShell as an Administrator. To make sure that the OpenSSH features are available for install:

    Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'
    # This should return the following output: 
    Name : OpenSSH.Client~~~~ 
    State : NotPresent Name : 
    State : NotPresent

  3. Then, install the server and/or client features:

    # Install the OpenSSH Client
    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~
    # Install the OpenSSH Server
    Add-WindowsCapability -Online -Name OpenSSH.Server~~~~
    # Both of these should return the following output:
    Path          :
    Online        : True
    RestartNeeded : False

Initial Configuration of SSH Server

To configure the OpenSSH server for initial use on Windows, perform the steps below...

  1. launch PowerShell as an administrator, then run the following commands to start the SSHD service:

    Start-Service sshd
    # OPTIONAL but recommended:
    Set-Service -Name sshd -StartupType 'Automatic'
    # Confirm the Firewall rule is configured. It should be created automatically by setup. 
    Get-NetFirewallRule -Name *ssh*
    # There should be a firewall rule named "OpenSSH-Server-In-TCP", which should be enabled
    # If the firewall does not exist, create one
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

Test SSH Connection

  1. Test the connection to the IP or FQDN of the Windows 2019 target server via Putty or an alternative SSH method
  2. Test the connection from the vRA/vRO server using the Sovlabs Telnet Test troubleshooting workflow located in vRO at the following folder path: SovLabs > vRA Utilities > Networking

Configure the Sovlabs Microsoft Endpoint to use the OpenSSH connection type

  1. Follow the steps to configure the Sovlabs Microsoft Endpoint for OpenSSH -
  2. Special Note: Username must be in basic format, do not include the domain in the username
    1. Wrong (username:
    2. Correct (username: svc-account)

Additional information

  1. If you encounter trouble with the initial installation of OpenSSH server via the Powershell script, please ensure to apply the latest Windows Updates and reboot prior to attempting again as documented here
  2. After initial installation of OpenSSH server is configured, a reboot is normally necessary post before any testing can be done

Additional Commands to consider

  1. Running the following script may be necessary to invoke the latest SSH Utilities

    Install-Module –Name PowerShellGet –Force

Have more questions? Submit a request


Please sign in to leave a comment.