Windows equivalent of ssh - how to connect to a remote machine and access command line?
Solution 1:
Use Powershell Remoting:
Updated link: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7
Copy pasted form an older version:
Windows PowerShell Remoting
Windows PowerShell remoting, which uses the WS-Management protocol, lets you run any Windows PowerShell command on one or many remote computers. It lets you establish persistent connections, start 1:1 interactive sessions, and run scripts on multiple computers. To use Windows PowerShell remoting, the remote computer must be configured for remote management. After you have configured Windows PowerShell remoting, many remoting strategies are available to you. The remainder of this document lists just a few of them. #Start an Interactive Session To start an interactive session with a single remote computer, use the Enter-PSSession cmdlet. For example, to start an interactive session with the Server01 remote computer, type:
Enter-PSSession Server01
The command prompt changes to display the name of the computer to which you are connected. From then on, any commands that you type at the prompt run on the remote computer and the results are displayed on the local computer.
To end the interactive session, type:
Exit-PSSession
#Run a Remote Command
To run any command on one or many remote computers, use the Invoke-Command cmdlet. For example, to run a Get-UICulture command on the Server01 and Server02 remote computers, type:
invoke-command -computername Server01, Server02 {get-UICulture}
The output is returned to your computer.
LCID Name DisplayName PSComputerName
---- ---- ----------- --------------
1033 en-US English (United States) server01.corp.fabrikam.com
1033 en-US English (United States) server02.corp.fabrikam.com
#Run a Script
To run a script on one or many remote computers, use the FilePath parameter of the Invoke-Command cmdlet. The script must be on or accessible to your local computer. The results are returned to your local computer.
For example, the following command runs the DiskCollect.ps1 script on the Server01 and Server02 remote computers.
invoke-command -computername Server01, Server02 -filepath c:\Scripts\DiskCollect.ps1
#Establish a Persistent Connection
To run a series of related commands that share data, create a session on the remote computer and then use the Invoke-Command cmdlet to run commands in the session that you create. To create a remote session, use the New-PSSession cmdlet.
For example, the following command creates a remote session on the Server01 computer and another remote session on the Server02 computer. It saves the session objects in the $s variable.
$s = new-pssession -computername Server01, Server02
Now that the sessions are established, you can run any command in them. And because the sessions are persistent, you can collect data in one command and use it in a subsequent command.
For example, the following command runs a Get-Hotfix command in the sessions in the $s variable and it saves the results in the $h variable. The $h variable is created in each of the sessions in $s, but it does not exist in the local session.
invoke-command -session $s {$h = get-hotfix}
Now you can use the data in the $h variable in subsequent commands, such as the following one. The results are displayed on the local computer.
invoke-command -session $s {$h | where {$_.installedby -ne "NTAUTHORITY\SYSTEM"} }
Solution 2:
Try tunnellier from Bitvise. That is an ssh client. There's also an ssh server for connecting to a windows machine. The two enable you to make very secure connections along with more advanced things like a web proxy or port tunneling.
Solution 3:
Install OpenSSH port for Windows - it's free and provides both client and server.
Solution 4:
I really like the idea of PowerShell, though the configuration may take a couple of minutes on server and client.
Aside the complete answer of Shanteva, which suggests the use of PowerShell, you should also take a look at Here on howtogeek website on how to actually Enable (and Allow) a remote connection to the PowerShell server. There is a slight bit of configuration required on the server computer.
Two important things you need to do: (I don't have to mention that you have to do every configuration 'as an administrator' right? Just open PowerShell/cmd 'As an administrator')
- First, enable the WINRM service (the windows application that processes remote commands) on the SERVER.
On the server computer, open PowerShell and run:
Enable-PSRemoting -Force
There is also other way of doing this. You can open a command prompt and run:
winrm -quickconfig
There could be much more configurations to change. No need for now.
- Second, it is noteworthy that the client and server are always trying to authenticate each other. The server wants to make sure the client does actually have allowed access to the server or not. For this sake you are going to provide some authentication information to the server (similar to SSH, you maybe providing Username/Password). Conversely, the client wants to make sure that the server is a trusted one. Different schemes can be used, such as trusting a server who provides a smart public certificate or trusting based on IP address or maybe just trusting everyone!! Again we have the same procedure on SSH where a server can provide some authentication information. (Let's just forget the SSH details for now.)
If both computers are on the same 'domain' (a group of computers which everyone have different rules and roles assigned to), the procedure seems to be simple (I haven't tried that).
BUT, as you probably want to access your server through Internet (technically called the WAN network), there are some complications and you have to change some configuration to allow the connection to the remote server. On the CLIENT computer enable the WINRM service. The procedure is similar to what we've done for server above. Just run the command:
Enable-PSRemoting -Force
(Again noteworthy! Some references say that the client computer and the server computer must be on 'Private' networks, or the whole thing won't work. I'm getting error messages for this when I run the above command but everything works find. I'm not sure of this fact. Check the aforementioned web page.)
Then run on the CLIENT computer in PowerShell:
Set-Item wsman:\localhost\client\trustedhosts *
Which means that the client will trust all servers (hosts). Finally, run this (on the CLIENT again I emphasize):
Restart-Service WinRM
You are ready to go. Check rest of Shanteva's answer. On the CLIENT computer, run for instance:
Enter-PSSession -ComputerName 12.34.56.78 -Credential Administrator
It will ask for a password and the remote console opens which looks like:
[12.34.56.78]: PS C:\Users\Administrator\Documents>
Then just enter commands like you do for SSH.