Remotely shutting down a Windows 10 PC with SSH

switch
configuration
Tags: #<Tag:0x00007fd07685afb8> #<Tag:0x00007fd07685ad60>

#1

Intro

In this, I’ll show you how to remotely shutdown (or really do anything with) a Windows 10 PC with Microsoft’s implementation of an OpenSSH server. This helps with controlling HTPCs or living room gaming PCs without installing anything third-party.

I’ll be making the assumption that you have physical or RDP access to the Windows computer that you want to control, and that you’re the Administrator of the computer. I’m also assuming you have a basic understanding of PowerShell. I’m also assuming that you’re running Hassio with an SSH addon or something equivalent, or otherwise have a Linux installation of Home Assistant and know how to operate SSH.

I basically combined a couple of different guides and suggestions to get to this, but this way you don’t need to figure as much out. Alright! Here we go.

Configuration

First and foremost, you’re going to want to install OpenSSH Client and Server on your Windows PC. Open PowerShell with administrative access and run these two commands to install OpenSSH

# Install OpenSSH Client and Server
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Now, we’re going to start the SSH server service and make sure it always starts the service on boot

Start-Service sshd
Set-Service -Name sshd -StartupType 'Automatic'

At this point, try connecting with another computer, or even your Hassio install. Your username will be whatever your local account name is. Not your Microsoft account. You can figure this out just by looking in C:\Users\[one of these is your account]

Can you connect? Sweet! Now on to setting up key pairs so you don’t need those pesky passwords. Following GitHub’s guide to this is the easiest way to figuring this out, but I’ll copy the relevant steps here if you just wanna power through it.

After connecting to your Hassio machine, do the following:

# Generate the public and private key pairs on Hass.io
# Just press enter through everything, you don't need to enter a passphrase
ssh-keygen

# Start ssh-agent in the background
eval "$(ssh-agent -s)"

# Add your keys
ssh-add ~/.ssh/id_rsa

# Next, copy your generated files to /config (or equivalent) so Home Assistant can access it
cp ~/.ssh /config

Check that you now have a .ssh folder in your /config directory, containing at least id_rsa and id_rsa.pub

Now let’s add those keys to Windows! Copy the contents of id_rsa.pub somewhere where you can access it on your Windows computer. The file should be one line, starting with ssh-rsa AAgoosFI%3gh$rf...(etc)

After logging into your account on Windows, open Explorer and go to:
C:\Users\\[username]\.ssh
If this folder doesn’t exist, create it. Create a new file called authorized_keys with no file extension, open it in Notepad, and paste in the contents of the id_rsa.pub file from earlier. Now we need to set permissions on the file.

  1. Right click authorized_keys
  2. Go to Properties\Security\Advanced
  3. Click “Disable Inheritance”, then choose “Convert inherited permissions into explicit permissions on this object”
  4. Remove all permissions on the file except for SYSTEM and your user. There should only be two entries in the list, both with “Full Control”

Now’s the most important step. After SSHing into your Hassio install, attempt to connect again to your Windows machine with
ssh [ local windows username]@[windows computer]
If it worked, and didn’t ask for a password, we’re in the home stretch. If it did, double check the instructions and check the sources for more details.

Setting up the wake_on_lan component

If you didn’t already have a wake_on_lan switch, here’s the syntax

switch:
  - platform: wake_on_lan
    mac_address: "PC-MA-CA-DD-RE-SS"
    name: "Friendly name"
    host: "Computer's IP address to determine state"
    turn_off:
      service: shell_command.turn_off_yourpc

# The shell_command is where the actual shutdown command takes place
shell_command:
  turn_off_yourpc: 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [user]@[windows ip] shutdown /h /f'
# You can also use a different shutdown command, but shutdown -h -f forces a hibernation

Passing a normal 'ssh [user]@[windows box] shutdown /h /f resulted in error 255, but this solution found by @keith-michael worked.

Let me know if you need anything else! This was probably a convoluted method but it worked for me.


#2

Sources:
Solution to shell_command error 255, courtesy @keith-michael

Installation of OpenSSH For Windows Server 2019 and Windows 10
Setting up OpenSSH for Windows using public key authentication (Stack Overflow)
Generating a new SSH key and adding it to the ssh-agent
switch.wake_on_lan Component


#3

This worked perfectly for my computer! I can now put it to sleep and wake it up on demand via a switch in my hassio. What if I wanted to add a second pc?

What would the process be? Do I need a separate set of SSH keys to be re-created or I can use the same?

King regards,
-G


#4

No you do not need to create a new SSH key, all you have to do is to add another switch and point it to the second pc’s ip like so

switch:
  - platform: wake_on_lan
    mac_address: "PC-MA-CA-DD-RE-SS"
    name: "Friendly name"
    host: "Computer's IP address to determine state"
    turn_off:
      service: shell_command.turn_off_yourpc
  - platform: wake_on_lan_for_second_PC
    mac_address: "2N-D-MC-AD-RE-SS"
    name: "Second Friendly name"
    host: "Second Computer's IP address to determine state"
    turn_off:
      service: shell_command.turn_off_yoursecondpc

# The shell_command is where the actual shutdown command takes place
shell_command:
  turn_off_yoursecondpc: 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /config/.ssh/id_rsa [user]@[second ip] shutdown /h /f'
# You can also use a different shutdown command, but shutdown -h -f forces a hibernation

#5

@anilet is more or less correct. Just re-follow the guide from the point where you add the keys to the Windows machine. You could generate unique SSH keys for each computer, but that kinda defeats the purpose of them.

You can add those to your personal machine as well, so if you want to remote into one of your computers you won’t need a password. For Linux, just use the command ssh-copy-id. Windows is the above, although there are other, better supported ways to remote in.


#6

Is there any chance that I need to have signed in (via SSH) to the hassio machine at least once with password from the windows machine in order for the without password process to work thereafter? Because, although I was able to do this for my windows machine , now trying to replicate the process (with the same SSH keys) on another windows machine it will not work.

The only difference I spotted is that the second windows machine has never SSH-ed to hassio with password.

Regards