先决条件

系统版本
```
winver.exe
```
PowerShell 5.1 或更高
```
$PSVersionTabel.PSVersion
```
安装MSI包：可视化配置PS **https://aka.ms/powershell-release?tag=stable**；

Windows PowerShell 不同于 PowerShell 7+ https://github.com/PowerShell/PowerShell| 替换需要手动设置终端settings（depublic+修改启动路径）

中文https://wangtwothree.com/code/151.html#:~:text=%E4%BD%BF%E7%94%A8%20powershell%20%E6%88%96%E8%80%85%20CMD%20%E6%97%B6%E4%B8%AD%E6%96%87%E6%98%BE%E7%A4%BA%E4%B9%B1%E7%A0%81%EF%BC%8C%E6%AF%8F%E6%AC%A1%E9%83%BD%E8%A6%81%E6%89%8B%E5%8A%A8%E6%89%A7%E8%A1%8C%20chcp%2065001%EF%BC%8C%E4%BB%8A%E5%A4%A9%E7%BB%88%E4%BA%8E%E6%89%BE%E5%88%B0%E4%B8%80%E4%B8%AA%E6%B0%B8%E4%B9%85%E8%A7%A3%E5%86%B3%E7%9A%84%E5%8A%9E%E6%B3%95%E3%80%82%20%E8%A7%A3%E5%86%B3%E4%B9%8B%E5%89%8D%EF%BC%9A,936%EF%BC%8C%E8%BF%99%E4%B8%AA%E6%97%B6%E5%80%99%E6%98%BE%E7%A4%BA%E7%9A%84%E4%B8%AD%E6%96%87%E6%98%AF%E4%B9%B1%E7%A0%81%E7%9A%84%E3%80%82%20%E6%B0%B8%E4%B9%85%E8%A7%A3%E5%86%B3%E6%96%B9%E6%B3%95%EF%BC%9A%20%E6%89%93%E5%BC%80%20%E6%8E%A7%E5%88%B6%E9%9D%A2%E6%9D%BF%E2%80%94%3E%E6%97%B6%E9%92%9F%E5%92%8C%E5%8C%BA%E5%9F%9F%E2%80%94%3E%E5%8C%BA%E5%9F%9F-%3E%E7%AE%A1%E7%90%86%E2%80%94%3E%E6%9B%B4%E6%94%B9%E7%B3%BB%E7%BB%9F%E5%8C%BA%E5%9F%9F%E8%AE%BE%E7%BD%AE%20%E5%8B%BE%E9%80%89%EF%BC%9A%E4%BD%BF%E7%94%A8%20Unicode%20UTF-8%20%E6%8F%90%E4%BE%9B%E5%85%A8%E7%90%83%E8%AF%AD%E9%9F%B3%E6%94%AF%E6%8C%81 |https://zhuanlan.zhihu.com/p/15126551955
管理员权限

OpenSSH

<aside>

至少有三种方案：

OpenSSH方案：通用且不依赖PShttps://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=gui&pivots=windows-server-2025
PowerShell 6+ plus WinRM方案：需要所有计算机安装PS 6+ https://learn.microsoft.com/zh-cn/powershell/scripting/security/remoting/ssh-remoting-in-powershell?view=powershell-7.4
PowerShell plus WSMan方案：非windows平台不支持https://learn.microsoft.com/zh-cn/powershell/scripting/security/remoting/wsman-remoting-in-powershell?view=powershell-7.5&source=recommendations </aside>

建议使用Windows Linux Mac通用的OpenSSH方案。

启用OpenSSH

安装和启用OpenSSH服务端及客户端组件https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell&pivots=windows-server-2022#install-openssh-for-windows-server
Windows Server 2025 默认已安装OpenSSH

# Start the sshd service
Start-Service sshd
# 自动启动 SSHD
Set-Service -Name sshd -StartupType 'Automatic'
# 验证 SSHD 安装过程是否自动配置了防火墙规则，并补齐
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}

添加用户到OpenSSH用户组：计算机管理（管理员）→本地用户和组→组→OpenSSH用户→reboot生效|

之后要在Server端sshd_config配置AllowGroups参数为”OpenSSH 用户” （”OpenSSH Users” 非英文用户注意具体名称变化）
```
%programdata%\\ssh\\sshd_config
```
配置文件小计
- 取消密码 PasswordAuthentication no
- 允许密钥对 PubkeyAuthentication yes
- 管理员特殊设置（Windows 默认）
```
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
```
whoami PowerShell 7.x

Windows 的用户名可以用管理员身份的Terminal 输入whoami 命令获取，格式为 电脑名\\用户名
```
whoami
```
- tailscale Tailscale
```
tailscale ip
tailscale status
```

基于密钥对的身份认证

https://learn.microsoft.com/zh-cn/windows-server/administration/openssh/openssh_keymanagement#user-key-generation

生成密钥对：【Client】添加密钥 - #1

<aside>

目前最好（安全，方便）ed25519 和 NIST P-384密钥（ecdsa -b 384）；

ssh凭证管理器【ssh-agent】；

Windows提供与Windows安全体系集成的方案：1. Windows凭证管理器（弱软件） 2. TPM可信平台模块【TPM】（强硬件）。

</aside>
【Server端】sshd_config 文件
- Windows 默认读取*%programdata%\\ssh\\sshd_config*
- Linux 默认读取 /etc/ssh/sshd_config
- 命令参数 -f
sshd_config配置清单/etc/ssh/sshd_config