Eryph Guest Services (EGS) provides secure SSH connectivity to Hyper-V virtual machines through Hyper-V sockets, eliminating the need for network configuration. The service can be used both as part of the eryph platform and standalone with plain Hyper-V.
EGS provides a unified, cross-platform solution that works consistently on both Windows and Linux VMs without network dependencies.
While Windows Server 2025 ships with OpenSSH by default, native Hyper-V socket support remains missing (Win32-OpenSSH issue #2200). PowerShell Direct is Windows-only with poor file transfer performance, and Linux vsock SSH support varies by distribution.
- Network-free connectivity: Access VMs via Hyper-V sockets without network setup
- Cross-platform support: Works on Windows and Linux VMs
- SSH-based access: Standard SSH protocol over Hyper-V transport
- File transfer capabilities: Upload/download files and directories to/from VMs
- Pseudo-terminal support: Interactive shell sessions
- Public key authentication: Secure key-based authentication
- Easy installation: Simple installer scripts for both platforms
- No FTP subsystem - use
unisonfor file synchronization instead ofscp
EGS doesn't reinvent the wheel. Like the hvc ssh command, EGS builds a Hyper-V socket connection using SSH ProxyCommand:
ProxyCommand hvc nc -t vsock <vmid> 5002
The egs-tool writes SSH configuration to %LOCALAPPDATA%\.eryph\ssh\config, mapping hostnames to VM IDs and proxy commands. During configuration, SSH keys are exchanged between host and guest, enabling passwordless authentication to the EGS service account (Windows) or root (Linux).
The guest implements a custom SSH server independent of any existing OpenSSH installation, avoiding configuration conflicts.
Components:
- Guest Service (
egs-service): Runs inside VMs as a system service, providing SSH server functionality over Hyper-V sockets - Host Tool (
egs-tool): Command-line tool running on the Hyper-V host for managing connections and file uploads
- Windows 10/11 Pro, Enterprise, or Education
- Windows Server 2016 or newer
- Hyper-V enabled
- Administrator privileges
- Windows VMs: Windows Server 2016+ or Windows 10+
- Linux VMs: Modern Linux distribution with systemd
- Hyper-V integration services enabled
There are two ways to use eryph guest services:
If you're using eryph, guest services are installed automatically via genes:
# For Linux VMs
fodder:
- source: gene:dbosoft/guest-services:linux-install
# For Windows VMs
fodder:
- source: gene:dbosoft/guest-services:win-installMore details: genepool.eryph.io/b/dbosoft/guest-services
Same installations as for standalone Hyper-V - see below.
For standalone Hyper-V environments without eryph:
- Download the installation ISO from releases.dbosoft.eu/eryph/guest-services/
- Mount the ISO in your VM
- Run the installation script from the mounted ISO:
Windows VMs:
# Run as Administrator from the mounted ISO
D:\install.ps1Linux VMs:
# Run as root from the mounted ISO
sudo /media/cdrom/install.sh- Install
egs-toolusing the PowerShell installer:
# Run as Administrator
iex ((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/eryph-org/guest-services/main/src/Eryph.GuestServices.Tool/install.ps1'))- Initialize the host-side configuration:
# Initialize the host-side configuration
egs-tool initializeThis registers the Hyper-V integration service and generates SSH keys.
For plain Hyper-V environments without eryph:
egs-tool get-status <VM-ID># Add VM to SSH configuration
egs-tool add-ssh-config <VM-ID> [optional-alias]
# Update SSH config (creates ~/.ssh/config entries)
egs-tool update-ssh-config# Connect using the generated alias
ssh <VM-ID>.hyper-v.alt
# or if you provided a custom alias:
ssh <alias># Upload single file to VM
egs-tool upload-file <VM-ID> <local-file> <remote-file>
# Upload directory to VM (non-recursive - root files only)
egs-tool upload-directory <VM-ID> <local-directory> <remote-directory>
# Upload directory recursively (including subdirectories)
egs-tool upload-directory <VM-ID> <local-directory> <remote-directory> --recursive
# Download single file from VM
egs-tool download-file <VM-ID> <remote-file> <local-file>
# Download directory from VM (non-recursive - root files only)
egs-tool download-directory <VM-ID> <remote-directory> <local-directory>
# Download directory recursively (including subdirectories)
egs-tool download-directory <VM-ID> <remote-directory> <local-directory> --recursive
# All commands support --overwrite flag
egs-tool upload-file <VM-ID> <local-file> <remote-file> --overwriteWhen used with eryph, the guest services are typically installed via genes:
# For Linux VMs
fodder:
- source: gene:dbosoft/guest-services:linux-install
# For Windows VMs
fodder:
- source: gene:dbosoft/guest-services:win-installIf you don't provide an SSH key in the gene configuration, set up access after VM creation:
# Update SSH config for all eryph catlets
egs-tool update-ssh-configThen connect using the generated aliases:
# Connect using catlet name and project
ssh <catlet-name>.<project-name>.eryph.alt
# For default project, you can also use:
ssh <catlet-name>.eryph.altThe guest services use dedicated SSH keys separate from your regular SSH keys:
# View the public key
egs-tool get-ssh-key
# Reinitialize keys if needed
egs-tool initializeWhen installing via eryph genes, these variables are supported:
- version: Version to install (
latest,prerelease, or specific version like0.1.0) - downloadUrl: Custom download URL if not using GitHub releases
- sshPublicKey: SSH public key for authentication (optional - if not provided, use
egs-tool add-ssh-configafter VM creation)
Example:
fodder:
- source: gene:dbosoft/guest-services:linux-install
variables:
- name: version
value: "0.3"
- name: sshPublicKey
value: "ssh-rsa AAAAB3NzaC1yc2E..."The guest services use SSH public key authentication:
- Username: Always
egs - Authentication: SSH public key only (password authentication disabled)
- Key Exchange: Keys are exchanged via Hyper-V data exchange service
- Host Trust: Host keys are automatically trusted (secure due to Hyper-V socket isolation)
| Command | Description | Arguments |
|---|---|---|
initialize |
Register Hyper-V service and generate SSH keys | None |
unregister |
Unregister Hyper-V integration service | None |
get-status <VM-ID> |
Check if guest services are available | VM GUID |
get-ssh-key |
Display the SSH public key | None |
add-ssh-config <VM-ID> [alias] |
Configure SSH access for a VM | VM GUID, optional alias |
update-ssh-config |
Update SSH config for all VMs/catlets | None |
upload-file <VM-ID> <local> <remote> |
Upload single file to VM | VM GUID, local file, remote file |
upload-directory <VM-ID> <local> <remote> |
Upload directory to VM | VM GUID, local dir, remote dir |
download-file <VM-ID> <remote> <local> |
Download single file from VM | VM GUID, remote file, local file |
download-directory <VM-ID> <remote> <local> |
Download directory from VM | VM GUID, remote dir, local dir |
Flags for file/directory commands:
--overwrite: Overwrite existing files/directories--recursive: Include subdirectories (directory commands only)
For standalone Hyper-V, get VM IDs using:
# PowerShell
Get-VM | Select-Object Name, Id
# Or using Hyper-V Manager
# VM Settings → Hardware → Details shows the VM IDFor eryph catlets:
Get-Catlet | Select-Object Name, VmId-
Status shows "unknown"
- Guest services not installed or not running in VM
- Check VM has Hyper-V integration services enabled
-
Authentication failed
- Run
egs-tool add-ssh-config <VM-ID>to set up authentication - Ensure you ran
egs-tool initializeon the host
- Run
-
Connection refused
- Guest service may not be running: check service status in VM
- Hyper-V integration services may be disabled
-
File transfer failed
- Check paths exist and are writable/readable
- Use
--overwriteflag if file/directory already exists - Use
--recursiveflag for directory operations that need subdirectories
# Check service status
Get-Service eryph-guest-services
# Restart service
Restart-Service eryph-guest-services# Check service status
sudo systemctl status eryph-guest-services
# Restart service
sudo systemctl restart eryph-guest-services- egs-service: Guest service (SSH server over Hyper-V sockets)
- egs-tool: Host tool (SSH client and management)
- Hyper-V Integration Service: Transport layer for communication
- Hyper-V Data Exchange: Key exchange and status communication
Host (egs-tool) ←→ Hyper-V Socket ←→ Guest (egs-service)
↑
Service ID: 0000138a-facb-11e6-bd58-64006a7986d3
Linux VSock Port: 5002
- All communication encrypted via SSH
- Public key authentication only
- Host keys automatically trusted (isolated transport)
- Separate key management from system SSH
# Build solution
dotnet build
# Run tests
dotnet test
# Create packages
dotnet packsrc/Eryph.GuestServices.Service/- Guest service implementationsrc/Eryph.GuestServices.Tool/- Host tool implementationsrc/Eryph.GuestServices.Sockets/- Hyper-V socket abstractionsrc/Eryph.GuestServices.Pty/- Pseudo-terminal supportsrc/Eryph.GuestServices.DevTunnels.Ssh.Extensions/- SSH server extensionspackaging/iso/- Installation scriptstests/- Test projects
This project is licensed under the MIT License - see the LICENSE file for details.
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
- Issues: GitHub Issues
- Documentation: eryph Documentation
- Community: eryph Discussions