From bccc898ed9ef900f4809162b993bfac5247c6447 Mon Sep 17 00:00:00 2001 From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:16:51 +0200 Subject: [PATCH 1/6] Initial reference documentation for Microsoft.OpenSSH.SSHD/Windows --- .../configure-default-shell-powershell.md | 0 .../Microsoft/OpenSSH/SSHD/Windows/index.md | 247 ++++++++++++++++++ 2 files changed, 247 insertions(+) create mode 100644 docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md create mode 100644 docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md new file mode 100644 index 000000000..e69de29bb diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md new file mode 100644 index 000000000..edc3f93bd --- /dev/null +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md 
@@ -0,0 +1,247 @@ +--- +description: Microsoft.OpenSSH.SSHD/Windows resource reference documentation +ms.date: 07/02/2025 +ms.topic: reference +title: Microsoft.OpenSSH.SSHD/Windows +--- + +# Microsoft.OpenSSH.SSHD/Windows + +## Synopsis + +Manage SSH client and server configuration. + +## Metadata + +```yaml +Version : 0.1.0 +Kind : resource +Tags : [Windows] +Author : Microsoft +``` + +## Instance definition syntax + +```yaml +resources: + - name: + type: Microsoft.OpenSSH.SSHD/Windows + properties: + # Required properties + # Instance properties + _exist: + # Add other properties as needed +``` + +## Description + +The `Microsoft.OpenSSH.SSHD/Windows` resource enables you to idempotently manage SSH server +configuration. The resource can: + +- Add, update, and remove SSH client and server configuration settings. + +> [!NOTE] +> This resource is installed with DSC itself on systems. +> +> You can update this resource by updating DSC. When you update DSC, the updated version of this +> resource is automatically available. + +## Requirements + +- The resource requires OpenSSH server and client to be installed on the Windows system. +- The resource must run in a process context that has permissions to manage the SSH server + configuration settings. +- The resource must run at least under a Windows Server 2019 or Windows 10 (build 1809) + operating system. + +## Capabilities + +The resource has the following capabilities: + +- `get` - You can use the resource to retrieve the actual state of an instance. +- `set` - You can use the resource to enforce the desired state for an instance. +- `export` - You can use the resource to export the SSHD configuration of existing instances. + +This resource uses the synthetic test functionality of DSC to determine whether an instance is in +the desired state. For more information about resource capabilities, see +[DSC resource capabilities][00]. + +## Examples + + + +1. 
[Configure default shell PowerShell][03] - Shows how to set the default shell to PowerShell.exe + +## Properties + +The following list describes the properties for the resource. + +- **Required properties:** The following properties are always + required when defining an instance of the resource. An instance that doesn't define each of these + properties is invalid. For more information, see the "Required resource properties" section in + [DSC resource properties][01] + + - [shell](#shell) - The path to the default shell for SSH. + +- **Key properties:** The following properties uniquely identify an + instance. If two instances of a resource have the same values for their key properties, the + instances are conflicting. For more information about key properties, see the "Key resource + properties" section in [DSC resource properties][02]. + + - [shell](#shell) (required) - The path to the default shell for SSH. + +- **Instance properties:** The following properties are optional. + They define the desired state for an instance of the resource. + + - [cmd_option](#cmd_option) - Specifies command-line options for the shell. + - [escape_arguments](#escape_arguments) - Specifies whether shell arguments should be escaped. + - [shell_arguments](#shell_arguments) - Specifies the arguments to pass to the shell. + +### shell + +
Expand for shell property metadata + +```yaml +Type : string +IsRequired : true +IsKey : true +IsReadOnly : false +IsWriteOnly : false +``` + +
+ +Defines the path to the default shell executable to use for SSH sessions. +This property is required and must specify a valid path to an executable on the system. + +### cmd_option + +
Expand for cmd_option property metadata + +```yaml +Type : string +IsRequired : false +IsKey : false +IsReadOnly : false +IsWriteOnly : false +``` + +
+ +Specifies optional command-line options to pass to the shell when it's launched. + +### escape_arguments + +
Expand for escape_arguments property metadata + +```yaml +Type : boolean +IsRequired : false +IsKey : false +IsReadOnly : false +IsWriteOnly : false +``` + +
+ +Determines whether shell arguments should be escaped. When set to `true`, the arguments provided +in `shell_arguments` will be properly escaped before being passed to the shell. + +### shell_arguments + +
Expand for shell_arguments property metadata + +```yaml +Type : array +ItemsType : string +ItemsMustBeUnique : false +ItemsMinimumCount : 0 +IsRequired : false +IsKey : false +IsReadOnly : false +IsWriteOnly : false +``` + +
+ +Specifies an array of arguments to pass to the shell when it's launched. +Each element in the array represents a separate argument. + +## Instance validating schema + +The following snippet contains the JSON Schema that validates an instance of the resource. The +validating schema only includes schema keywords that affect how the instance is validated. All +non validating keywords are omitted. + +```json +{ + "type": "object", + "required": ["shell"], + "additionalProperties": false, + "properties": { + "shell": { + "type": "string" + }, + "cmd_option": { + "type": "string" + }, + "escape_arguments": { + "type": "boolean" + }, + "shell_arguments": { + "type": "array", + "items": { + "type": "string" + } + } + } +} +``` + +## Exit codes + +The resource returns the following exit codes from operations: + +- [0](#exit-code-0) - Success +- [1](#exit-code-1) - Invalid parameter +- [2](#exit-code-2) - Invalid input +- [3](#exit-code-3) - SSH configuration error +- [4](#exit-code-4) - Json serialization failed + +### Exit code 0 + +Indicates the resource operation completed without errors. + +### Exit code 1 + +Indicates the resource operation failed due to an invalid parameter. When the resource returns this +exit code, it also emits an error message with details about the invalid parameter. + +### Exit code 2 + +Indicates the resource operation failed because the input instance was invalid. When the resource +returns this exit code, it also emits one or more error messages with details describing how the +input instance was invalid. + +### Exit code 3 + +Indicates the resource operation failed due to an error in the SSH server configuration. When the +resource returns this exit code, it also emits the error message related to the SSH configuration issue. + +### Exit code 4 + +Indicates the resource operation failed because the result couldn't be serialized to JSON. 
+ +## See also + +- [Microsoft.DSC/PowerShell resource][03] +- For more information about OpenSSH, see [OpenSSH Documentation][04] + + +[00]: ../../../../../concepts/resources/capabilities.md +[01]: ../../../../../concepts/resources/properties.md#required-resource-properties +[02]: ../../../../../concepts/resources/properties.md#key-resource-properties +[03]: ../../../DSC/PowerShell/index.md +[04]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview +[05]: ./examples/configure-default-shell-powershell.md + From fcf49edd5b53ee4b9acb9f5c65cfcddaf092f5c3 Mon Sep 17 00:00:00 2001 From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:16:51 +0200 Subject: [PATCH 2/6] Update with latest changes --- .../configure-default-shell-powershell.md | 99 ++++++++++++++ .../Microsoft/OpenSSH/SSHD/Windows/index.md | 125 +++++------------- 2 files changed, 134 insertions(+), 90 deletions(-) diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md index e69de29bb..321e84b1e 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md 
@@ -0,0 +1,99 @@ +--- +description: > + Example showing how to use Microsoft.OpenSSH.SSHD/Windows to configure the default shell for SSH sessions. +ms.date: 07/15/2025 +ms.topic: reference +title: Configure default shell for SSH +--- + +# Configure default shell for SSH + +This example demonstrates how to use the `Microsoft.OpenSSH.SSHD/Windows` resource to +set the default shell for SSH connections. The examples below configure PowerShell +as the default shell for all SSH sessions. + +> [!NOTE] +> You should run this example in an elevated context (as Administrator) to +> ensure the SSH server configuration can be updated successfully. + +## Test the current default shell + +The following snippet shows how you can use the resource with the [dsc resource test][00] command to check whether PowerShell is set as the default shell. + +```powershell +$instance = @{ + shell = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' +} | ConvertTo-Json + +dsc resource test --resource Microsoft.OpenSSH.SSHD/Windows --input $instance +``` + +When PowerShell is not set as the default shell, DSC returns the following result: + +```yaml +desiredState: + shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe +actualState: {} +inDesiredState: false +differingProperties: +- shell +``` + +## Set PowerShell as the default shell + +To set PowerShell as the default shell for SSH, use the [dsc resource set][01] command. 
+ +```powershell +dsc resource set --resource Microsoft.OpenSSH.SSHD/Windows --input $instance +``` + +When the resource updates the default shell, DSC returns the following result: + +```yaml +beforeState: {} +afterState: + shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe +changedProperties: +- shell +``` + +You can test the instance again to confirm that PowerShell is now the default shell: + +```powershell +dsc resource test --resource Microsoft.OpenSSH.SSHD/Windows --input $instance +``` + +```yaml +desiredState: + shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe +actualState: + shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe +inDesiredState: true +differingProperties: [] +``` + +## Cleanup + +To restore your system to its original state, use the following command to delete the registry key: + +```powershell +$params = @{ + Path = 'HKLM:\SOFTWARE\OpenSSH' + Name = 'DefaultShell' +} +Remove-ItemProperty @params +``` + +To verify the configuration is removed, use the `dsc resource get` command: + +```powershell +dsc resource get --resource Microsoft.OpenSSH.SSHD/Windows --input $instance +``` + +```yaml +actualState: {} +``` + + +[00]: ../../../../../cli/resource/test.md +[01]: ../../../../../cli/resource/set.md diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md index edc3f93bd..16212fcd0 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md @@ -27,10 +27,10 @@ resources: - name: type: Microsoft.OpenSSH.SSHD/Windows properties: - # Required properties # Instance properties - _exist: - # Add other properties as needed + shell: + escapeArguments: + cmdOption: ``` ## Description 
@@ -60,7 +60,6 @@ The resource has the following capabilities: - `get` - You can use the resource to retrieve the actual state of an instance. - `set` - You can use the resource to enforce the desired state for an instance. -- `export` - You can use the resource to export the SSHD configuration of existing instances. This resource uses the synthetic test functionality of DSC to determine whether an instance is in the desired state. For more information about resource capabilities, see 
@@ -70,41 +69,27 @@ the desired state. For more information about resource capabilities, see -1. [Configure default shell PowerShell][03] - Shows how to set the default shell to PowerShell.exe +1. [Configure default shell PowerShell][01] - Shows how to set the default shell to PowerShell.exe ## Properties The following list describes the properties for the resource. -- **Required properties:** The following properties are always - required when defining an instance of the resource. An instance that doesn't define each of these - properties is invalid. For more information, see the "Required resource properties" section in - [DSC resource properties][01] - - - [shell](#shell) - The path to the default shell for SSH. - -- **Key properties:** The following properties uniquely identify an - instance. If two instances of a resource have the same values for their key properties, the - instances are conflicting. For more information about key properties, see the "Key resource - properties" section in [DSC resource properties][02]. - - - [shell](#shell) (required) - The path to the default shell for SSH. - - **Instance properties:** The following properties are optional. They define the desired state for an instance of the resource. - - [cmd_option](#cmd_option) - Specifies command-line options for the shell. - - [escape_arguments](#escape_arguments) - Specifies whether shell arguments should be escaped. - - [shell_arguments](#shell_arguments) - Specifies the arguments to pass to the shell. + - [shell](#shell) - The path to the default shell for SSH. + - [cmdOption](#cmdOption) - Specifies command-line options for the shell. + - [escapeArguments](#escapeArguments) - Specifies whether shell arguments should be escaped. ### shell
Expand for shell property metadata ```yaml -Type : string -IsRequired : true -IsKey : true +Type : string, null +IsRequired : false +IsKey : false IsReadOnly : false IsWriteOnly : false ``` @@ -114,12 +99,12 @@ IsWriteOnly : false Defines the path to the default shell executable to use for SSH sessions. This property is required and must specify a valid path to an executable on the system. -### cmd_option +### cmdOption -
Expand for cmd_option property metadata +
Expand for cmdOption property metadata ```yaml -Type : string +Type : string, null IsRequired : false IsKey : false IsReadOnly : false @@ -130,12 +115,12 @@ IsWriteOnly : false Specifies optional command-line options to pass to the shell when it's launched. -### escape_arguments +### escapeArguments -
Expand for escape_arguments property metadata +
Expand for escapeArguments property metadata ```yaml -Type : boolean +Type : boolean, null IsRequired : false IsKey : false IsReadOnly : false @@ -147,26 +132,6 @@ IsWriteOnly : false Determines whether shell arguments should be escaped. When set to `true`, the arguments provided in `shell_arguments` will be properly escaped before being passed to the shell. -### shell_arguments - -
Expand for shell_arguments property metadata - -```yaml -Type : array -ItemsType : string -ItemsMustBeUnique : false -ItemsMinimumCount : 0 -IsRequired : false -IsKey : false -IsReadOnly : false -IsWriteOnly : false -``` - -
- -Specifies an array of arguments to pass to the shell when it's launched. -Each element in the array represents a separate argument. - ## Instance validating schema The following snippet contains the JSON Schema that validates an instance of the resource. The @@ -176,23 +141,24 @@ non validating keywords are omitted. ```json { "type": "object", - "required": ["shell"], - "additionalProperties": false, "properties": { "shell": { - "type": "string" - }, - "cmd_option": { - "type": "string" + "type": [ + "string", + "null" + ] }, - "escape_arguments": { - "type": "boolean" + "cmdOption": { + "type": [ + "string", + "null" + ] }, - "shell_arguments": { - "type": "array", - "items": { - "type": "string" - } + "escapeArguments": { + "type": [ + "boolean", + "null" + ] } } } @@ -204,9 +170,6 @@ The resource returns the following exit codes from operations: - [0](#exit-code-0) - Success - [1](#exit-code-1) - Invalid parameter -- [2](#exit-code-2) - Invalid input -- [3](#exit-code-3) - SSH configuration error -- [4](#exit-code-4) - Json serialization failed ### Exit code 0 
@@ -217,31 +180,13 @@ Indicates the resource operation completed without errors. Indicates the resource operation failed due to an invalid parameter. When the resource returns this exit code, it also emits an error message with details about the invalid parameter. -### Exit code 2 - -Indicates the resource operation failed because the input instance was invalid. When the resource -returns this exit code, it also emits one or more error messages with details describing how the -input instance was invalid. - -### Exit code 3 - -Indicates the resource operation failed due to an error in the SSH server configuration. When the -resource returns this exit code, it also emits the error message related to the SSH configuration issue. - -### Exit code 4 - -Indicates the resource operation failed because the result couldn't be serialized to JSON. - ## See also -- [Microsoft.DSC/PowerShell resource][03] -- For more information about OpenSSH, see [OpenSSH Documentation][04] +- [Microsoft.DSC/PowerShell resource][02] +- For more information about OpenSSH, see [OpenSSH Documentation][03] [00]: ../../../../../concepts/resources/capabilities.md -[01]: ../../../../../concepts/resources/properties.md#required-resource-properties -[02]: ../../../../../concepts/resources/properties.md#key-resource-properties -[03]: ../../../DSC/PowerShell/index.md -[04]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview -[05]: ./examples/configure-default-shell-powershell.md - +[01]: ./examples/configure-default-shell-powershell.md +[02]: ../../../DSC/PowerShell/index.md +[03]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview From 40d68086a87f2bfd6768286f9584a394e3e0c4c8 Mon Sep 17 00:00:00 2001 
From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:16:51 +0200 Subject: [PATCH 3/6] Add sshd_config --- .../Microsoft/OpenSSH/SSHD/Windows/index.md | 6 +- .../examples/export-openssh-configuration.md | 0 .../OpenSSH/SSHD/sshd_config/index.md | 142 ++++++++++++++++++ 3 files changed, 144 insertions(+), 4 deletions(-) create mode 100644 docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md create mode 100644 docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md index 16212fcd0..3049b2712 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md @@ -16,7 +16,7 @@ Manage SSH client and server configuration. ```yaml Version : 0.1.0 Kind : resource -Tags : [Windows] +Tags : [OpenSSH, Windows] Author : Microsoft ``` @@ -38,7 +38,7 @@ resources: The `Microsoft.OpenSSH.SSHD/Windows` resource enables you to idempotently manage SSH server configuration. The resource can: -- Add, update, and remove SSH client and server configuration settings. +- Add and update SSH client and server configuration settings. > [!NOTE] > This resource is installed with DSC itself on systems. @@ -67,8 +67,6 @@ the desired state. For more information about resource capabilities, see ## Examples - - 1. [Configure default shell PowerShell][01] - Shows how to set the default shell to PowerShell.exe ## Properties diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md new file mode 100644 index 000000000..e69de29bb 
diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md new file mode 100644 index 000000000..1bbc48cc8 --- /dev/null +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md 
@@ -0,0 +1,142 @@ +--- +description: Microsoft.OpenSSH.SSHD/sshd_config resource reference documentation +ms.date: 07/15/2025 +ms.topic: reference +title: Microsoft.OpenSSH.SSHD/sshd_config +--- + +# Microsoft.OpenSSH.SSHD/sshd_config + +## Synopsis + +Manage SSH Server Configuration. + +## Metadata + +```yaml +Version : 0.1.0 +Kind : resource +Tags : [OpenSSH, Windows, Linux] +Author : Microsoft +``` + +## Instance definition syntax + +```yaml +resources: + - name: + type: Microsoft.OpenSSH.SSHD/sshd_config + properties: + # Required properties + map: object +``` + +## Description + +The `Microsoft.OpenSSH.SSHD/sshd_config` resource allows you to export client +and server configuration settings. The resource can: + +- Export client and server configuration settings + +> [!NOTE] +> This resource is installed with DSC itself on systems. +> +> You can update this resource by updating DSC. When you update DSC, the updated version of this +> resource is automatically available. + +## Requirements + +- The resource requires OpenSSH server and client to be installed on the Windows system. +- The resource must run at least under a Windows Server 2019 or Windows 10 (build 1809) + operating system. + +## Capabilities + +The resource has the following capabilities: + +- `export` - You can use the resource to export the current SSH server configuration. + +## Examples + +1. [Export OpenSSH configuration][00] - Shows how to export current OpenSSH configuration. + +## Properties + +The following list describes the properties for the resource. + +- **Required properties:** The following properties are always + required when defining an instance of the resource. An instance that doesn't define each of these + properties is invalid. For more information, see the "Required resource properties" section in + [DSC resource properties][01] + + - [map](#map) - + +- **Key properties:** The following properties uniquely identify an + instance. 
If two instances of a resource have the same values for their key properties, the + instances are conflicting. For more information about key properties, see the "Key resource + properties" section in [DSC resource properties][02]. + + - [map](#map) (required) - + +### map + +
Expand for map property metadata + +```yaml +Type : object +IsRequired : true +IsKey : false +IsReadOnly : false +IsWriteOnly : false +``` + +
+ +## Instance validating schema + +The following snippet contains the JSON Schema that validates an instance of the resource. The +validating schema only includes schema keywords that affect how the instance is validated. All +non validating keywords are omitted. + +```json +{ +"type": "object", + "required": [ + "map" + ], + "properties": { + "map": { + "type": "object", + "additionalProperties": true + } + } +} +``` + +## Exit codes + +The resource returns the following exit codes from operations: + +- [0](#exit-code-0) - Success +- [1](#exit-code-1) - Invalid parameter + +### Exit code 0 + +Indicates the resource operation completed without errors. + +### Exit code 1 + +Indicates the resource operation failed due to an invalid parameter. When the resource returns this +exit code, it also emits an error message with details about the invalid parameter. + +## See also + +- [Microsoft.OpenSSH.SSHD/Windows resource][03] +- For more information about OpenSSH, see [OpenSSH Documentation][04] + + +[00]: examples/export-openssh-configuration.md +[01]: ../../../../../concepts/resources/properties.md#required-resource-properties +[02]: ../../../../../concepts/resources/properties.md#key-resource-properties +[03]: ../Windows/index.md +[04]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview From 2da7de4088ccca7e25625836fc61bafb1c1554fc Mon Sep 17 00:00:00 2001 From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:44:04 +0200 Subject: [PATCH 4/6] Update Copilot remarks and adding two more examples --- .../Microsoft/OpenSSH/SSHD/Windows/index.md | 29 +++-- .../examples/export-openssh-configuration.md | 81 +++++++++++++ .../examples/manage-sshd-settings.md | 113 ++++++++++++++++++ .../OpenSSH/SSHD/sshd_config/index.md | 101 ++++++++-------- 4 files changed, 262 insertions(+), 62 deletions(-) create mode 100644 docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/manage-sshd-settings.md 
diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md index 3049b2712..b8434704d 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md @@ -9,7 +9,7 @@ title: Microsoft.OpenSSH.SSHD/Windows ## Synopsis -Manage SSH client and server configuration. +Manage SSH server global configuration settings on Windows. ## Metadata @@ -33,12 +33,21 @@ resources: cmdOption: ``` +## Condition + +The resource only applies on systems where the `sshd` executable is available in PATH. DSC +evaluates this with the expression `[not(equals(tryWhich('sshd'), null()))]` and skips the +resource if `sshd` is not found. + ## Description -The `Microsoft.OpenSSH.SSHD/Windows` resource enables you to idempotently manage SSH server -configuration. The resource can: +The `Microsoft.OpenSSH.SSHD/Windows` resource enables you to idempotently manage the Windows +OpenSSH server global settings. These settings are stored in the Windows registry under +`HKLM\SOFTWARE\OpenSSH` and control the default shell behavior for SSH sessions: -- Add and update SSH client and server configuration settings. +- Set the default shell executable for SSH connections. +- Specify command-line options to pass to the default shell. +- Control whether shell arguments are escaped. > [!NOTE] > This resource is installed with DSC itself on systems. @@ -95,7 +104,7 @@ IsWriteOnly : false
Defines the path to the default shell executable to use for SSH sessions. -This property is required and must specify a valid path to an executable on the system. +When specified, the value must be a valid path to an executable on the system. ### cmdOption @@ -127,14 +136,14 @@ IsWriteOnly : false
-Determines whether shell arguments should be escaped. When set to `true`, the arguments provided -in `shell_arguments` will be properly escaped before being passed to the shell. +Determines whether shell arguments should be escaped. When set to `true`, the arguments will be +properly escaped before being passed to the shell. ## Instance validating schema -The following snippet contains the JSON Schema that validates an instance of the resource. The -validating schema only includes schema keywords that affect how the instance is validated. All -non validating keywords are omitted. +The resource generates its schema dynamically at runtime by running +`sshdconfig schema -s windows-global`. The following snippet shows the effective schema that +validates an instance of the resource. ```json { diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md index e69de29bb..315aab2ac 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/export-openssh-configuration.md 
@@ -0,0 +1,81 @@ +--- +description: > + Example showing how to use Microsoft.OpenSSH.SSHD/sshd_config to export current SSH server + configuration settings. +ms.date: 05/07/2026 +ms.topic: reference +title: Export OpenSSH SSH server configuration +--- + +# Export OpenSSH SSH server configuration + +This example demonstrates how to use the `Microsoft.OpenSSH.SSHD/sshd_config` resource with the +[dsc resource export][00] command to retrieve all current SSH server configuration settings as a +DSC configuration document that you can save and re-apply later. + +> [!NOTE] +> You should run this example in an elevated context (as Administrator on Windows, or as root on +> Linux) to ensure the SSH server configuration can be read successfully. + +## Export the current SSH server configuration + +Run the following command to export the current `sshd_config` settings: + +```powershell +dsc resource export --resource Microsoft.OpenSSH.SSHD/sshd_config +``` + +DSC returns a configuration document with one resource instance per exported setting. The output +looks similar to the following, where the exact properties and values reflect what is currently +configured on the system: + +```yaml +$schema: https://aka.ms/dsc/schemas/v3/bundled/config/document.json +resources: +- name: Microsoft.OpenSSH.SSHD/sshd_config[0] + type: Microsoft.OpenSSH.SSHD/sshd_config + properties: + port: '22' + addressfamily: any + listenaddress: '0.0.0.0' + syslogfacility: AUTH + loglevel: INFO + logingracetime: 120 + strictmodes: 'yes' + maxauthtries: 6 + pubkeyauthentication: 'yes' + authorizedkeysfile: .ssh/authorized_keys + passwordauthentication: 'no' + permitemptypasswords: 'no' + challengeresponseauthentication: 'no' + kerberosauthentication: 'no' + gssapiauthentication: 'no' + usepam: 'yes' + x11forwarding: 'no' + printmotd: 'no' + acceptenv: LANG LC_* + subsystem: sftp /usr/lib/openssh/sftp-server +``` + +> [!NOTE] +> The output is truncated in this example. 
The actual output includes all effective +> `sshd_config` directives for your system, including defaults inherited from OpenSSH. + +## Save the export to a configuration file + +You can pipe the export output to a file to create a backup of your current SSH server +configuration: + +```powershell +dsc resource export --resource Microsoft.OpenSSH.SSHD/sshd_config > sshd_backup.dsc.config.yaml +``` + +To re-apply the saved configuration to a system, use the [dsc config set][01] command: + +```powershell +dsc config set --document sshd_backup.dsc.config.yaml +``` + + +[00]: ../../../../../../cli/resource/export.md +[01]: ../../../../../../cli/config/set.md diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/manage-sshd-settings.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/manage-sshd-settings.md new file mode 100644 index 000000000..119f3f33e --- /dev/null +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/examples/manage-sshd-settings.md 
@@ -0,0 +1,113 @@ +--- +description: > + Example showing how to use Microsoft.OpenSSH.SSHD/sshd_config to get and enforce specific SSH + server configuration settings. +ms.date: 05/07/2026 +ms.topic: reference +title: Manage SSH server configuration settings +--- + +# Manage SSH server configuration settings + +This example demonstrates how to use the `Microsoft.OpenSSH.SSHD/sshd_config` resource to check +and enforce secure SSH server configuration settings, such as disabling password-based +authentication. + +> [!NOTE] +> You should run this example in an elevated context (as Administrator on Windows, or as root on +> Linux) to ensure the SSH server configuration can be updated successfully. + +## Get the current state of specific settings + +The following snippet shows how to use the [dsc resource get][00] command to retrieve the current +values of specific `sshd_config` directives. + +```powershell +$instance = @{ + passwordauthentication = 'no' + permitrootlogin = 'no' +} | ConvertTo-Json + +dsc resource get --resource Microsoft.OpenSSH.SSHD/sshd_config --input $instance +``` + +When the settings differ from the desired values, DSC returns the current state from the +`sshd_config` file: + +```yaml +actualState: + passwordauthentication: 'yes' + permitrootlogin: prohibit-password +``` + +## Test whether the settings are in the desired state + +Use the [dsc resource test][01] command to check whether the current settings match your desired +values: + +```powershell +dsc resource test --resource Microsoft.OpenSSH.SSHD/sshd_config --input $instance +``` + +When the settings are not in the desired state, DSC returns the following result: + +```yaml +desiredState: + passwordauthentication: 'no' + permitrootlogin: 'no' +actualState: + passwordauthentication: 'yes' + permitrootlogin: prohibit-password +inDesiredState: false +differingProperties: +- passwordauthentication +- permitrootlogin +``` + +## Enforce the desired settings + +Use the [dsc resource set][02] 
command to apply the desired settings: + +```powershell +dsc resource set --resource Microsoft.OpenSSH.SSHD/sshd_config --input $instance +``` + +DSC updates the `sshd_config` file and returns the before and after states: + +```yaml +beforeState: + passwordauthentication: 'yes' + permitrootlogin: prohibit-password +afterState: + passwordauthentication: 'no' + permitrootlogin: 'no' +changedProperties: +- passwordauthentication +- permitrootlogin +``` + +Test the instance again to confirm that the settings are now in the desired state: + +```powershell +dsc resource test --resource Microsoft.OpenSSH.SSHD/sshd_config --input $instance +``` + +```yaml +desiredState: + passwordauthentication: 'no' + permitrootlogin: 'no' +actualState: + passwordauthentication: 'no' + permitrootlogin: 'no' +inDesiredState: true +differingProperties: [] +``` + +> [!IMPORTANT] +> After changing `sshd_config` settings, restart the SSH server service for the changes to take +> effect. On Windows, run `Restart-Service sshd`. On Linux, run `sudo systemctl restart sshd`. + + +[00]: ../../../../../../cli/resource/get.md +[01]: ../../../../../../cli/resource/test.md +[02]: ../../../../../../cli/resource/set.md diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md index 1bbc48cc8..6a6ce0df9 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/sshd_config/index.md @@ -1,6 +1,6 @@ --- description: Microsoft.OpenSSH.SSHD/sshd_config resource reference documentation -ms.date: 07/15/2025 +ms.date: 05/07/2026 ms.topic: reference title: Microsoft.OpenSSH.SSHD/sshd_config --- @@ -16,7 +16,6 @@ Manage SSH Server Configuration. ```yaml Version : 0.1.0 Kind : resource -Tags : [OpenSSH, Windows, Linux] Author : Microsoft ``` 
@@ -27,16 +26,24 @@ resources: - name: type: Microsoft.OpenSSH.SSHD/sshd_config properties: - # Required properties - map: object + # Any sshd_config directive as a key + : ``` +## Condition + +The resource only applies on systems where the `sshd` executable is available in PATH. DSC +evaluates this with the expression `[not(equals(tryWhich('sshd'), null()))]` and skips the +resource if `sshd` is not found. + ## Description -The `Microsoft.OpenSSH.SSHD/sshd_config` resource allows you to export client -and server configuration settings. The resource can: +The `Microsoft.OpenSSH.SSHD/sshd_config` resource enables you to idempotently manage SSH server +configuration settings stored in the `sshd_config` file. The resource can: -- Export client and server configuration settings +- Retrieve current SSH server configuration settings. +- Apply desired SSH server configuration settings. +- Export all current SSH server configuration settings as individual resource instances. > [!NOTE] > This resource is installed with DSC itself on systems. 
@@ -46,70 +53,59 @@ and server configuration settings. The resource can: ## Requirements -- The resource requires OpenSSH server and client to be installed on the Windows system. -- The resource must run at least under a Windows Server 2019 or Windows 10 (build 1809) - operating system. +- The resource requires OpenSSH server to be installed on the system. +- The resource must run in a process context that has permissions to read and write the `sshd_config` + file. +- On Windows, the default configuration file path is `%ProgramData%\ssh\sshd_config`. +- On Linux, the default configuration file path is `/etc/ssh/sshd_config`. ## Capabilities The resource has the following capabilities: -- `export` - You can use the resource to export the current SSH server configuration. +- `get` - You can use the resource to retrieve the actual state of an instance. +- `set` - You can use the resource to enforce the desired state for an instance. +- `export` - You can use the resource to export all current SSH server configuration settings as + individual resource instances. + +This resource uses the synthetic test functionality of DSC to determine whether an instance is in +the desired state. For more information about resource capabilities, see +[DSC resource capabilities][00]. ## Examples -1. [Export OpenSSH configuration][00] - Shows how to export current OpenSSH configuration. +1. [Export OpenSSH configuration][01] - Shows how to export current OpenSSH configuration. +2. [Manage SSH server configuration settings][02] - Shows how to get and set specific sshd_config + directives. ## Properties -The following list describes the properties for the resource. - -- **Required properties:** The following properties are always - required when defining an instance of the resource. An instance that doesn't define each of these - properties is invalid. 
For more information, see the "Required resource properties" section in - [DSC resource properties][01] - - - [map](#map) - - -- **Key properties:** The following properties uniquely identify an - instance. If two instances of a resource have the same values for their key properties, the - instances are conflicting. For more information about key properties, see the "Key resource - properties" section in [DSC resource properties][02]. - - - [map](#map) (required) - - -### map +The `Microsoft.OpenSSH.SSHD/sshd_config` resource uses an open-object schema where each property +corresponds to an `sshd_config` directive. There are no fixed required or key properties. Any +valid `sshd_config` keyword can be used as a property name with its corresponding value. -
Expand for map property metadata +For example: ```yaml -Type : object -IsRequired : true -IsKey : false -IsReadOnly : false -IsWriteOnly : false +PermitRootLogin: 'no' +PasswordAuthentication: 'no' +Port: 22 ``` -
+For the full list of supported directives and their values, see the +[sshd_config man page][05] or the OpenSSH documentation. ## Instance validating schema -The following snippet contains the JSON Schema that validates an instance of the resource. The -validating schema only includes schema keywords that affect how the instance is validated. All -non validating keywords are omitted. +The resource uses an embedded open-object schema. Any `sshd_config` directive is a valid property. ```json { -"type": "object", - "required": [ - "map" - ], - "properties": { - "map": { - "type": "object", - "additionalProperties": true - } - } + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "sshdconfig", + "type": "object", + "properties": {}, + "additionalProperties": true } ``` @@ -135,8 +131,9 @@ exit code, it also emits an error message with details about the invalid paramet - For more information about OpenSSH, see [OpenSSH Documentation][04] -[00]: examples/export-openssh-configuration.md -[01]: ../../../../../concepts/resources/properties.md#required-resource-properties -[02]: ../../../../../concepts/resources/properties.md#key-resource-properties +[00]: ../../../../../concepts/resources/capabilities.md +[01]: examples/export-openssh-configuration.md +[02]: examples/manage-sshd-settings.md [03]: ../Windows/index.md [04]: /windowsserverdocs/WindowsServerDocs/administration/OpenSSH/openssh-overview +[05]: https://man.openbsd.org/sshd_config From a3f5f97fa30eb49b5808b4997eae0c53ba1995a1 Mon Sep 17 00:00:00 2001 From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:46:48 +0200 Subject: [PATCH 5/6] Order --- .../resources/Microsoft/OpenSSH/SSHD/Windows/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md index b8434704d..54418b17b 100644 
--- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/index.md @@ -28,9 +28,9 @@ resources: type: Microsoft.OpenSSH.SSHD/Windows properties: # Instance properties - shell: - escapeArguments: + shell: cmdOption: + escapeArguments: ``` ## Condition From fc9176a62df0c66b19f5ebdf8a9cdf70f7de28b8 Mon Sep 17 00:00:00 2001 From: "G.Reijn" <26114636+Gijsreyn@users.noreply.github.com> Date: Thu, 7 May 2026 04:49:41 +0200 Subject: [PATCH 6/6] Take suggestion --- .../Windows/examples/configure-default-shell-powershell.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md index 321e84b1e..0f3562663 100644 --- a/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md +++ b/docs/reference/resources/Microsoft/OpenSSH/SSHD/Windows/examples/configure-default-shell-powershell.md @@ -78,8 +78,9 @@ To restore your system to its original state, use the following command to delet ```powershell $params = @{ - Path = 'HKLM:\SOFTWARE\OpenSSH' - Name = 'DefaultShell' + Path = 'HKLM:\SOFTWARE\OpenSSH' + Name = 'DefaultShell' + ErrorAction = 'SilentlyContinue' } Remove-ItemProperty @params ```
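Review bot: In examples/export-openssh-configuration.md, the "Save the export to a configuration file" section offers `dsc config set --document sshd_backup.dsc.config.yaml` as a way to re-apply the backup, but the note directly above it says the export contains every effective directive, including defaults inherited from OpenSSH. State whether re-applying the file writes those inherited defaults into `sshd_config` as explicit settings, because a reader who expects a like-for-like restore of the original file needs to know that. This section should also carry the restart reminder that manage-sshd-settings.md ends with, since it is the only place in this file where settings are applied.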
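Review bot: In examples/manage-sshd-settings.md, the "Enforce the desired settings" section sets `passwordauthentication: 'no'` and the closing IMPORTANT note goes straight to restarting the service, with no step that confirms another sign-in method works first. Add a sentence to that note telling the reader to verify key-based authentication and keep an existing session open before restarting, and consider mentioning `sshd -t` as a check of the edited file before `Restart-Service sshd` or `sudo systemctl restart sshd`. Separately, the "Get the current state" section passes the desired values (`'no'`) as input to `dsc resource get`, which reads as if get compares against them; a short sentence saying the input only selects which directives to return would remove that ambiguity.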
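Review bot: In sshd_config/index.md, the Metadata hunk (`@@ -16,7 +16,6 @@`) deletes the `Tags : [OpenSSH, Windows, Linux]` line without a replacement, while the Windows/index.md page added in this series keeps a Tags line in its Metadata block. If the resource still declares tags, keep the line so the two reference pages stay consistent; if the tags were dropped on purpose, say so in the commit message.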
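Review bot: In sshd_config/index.md, the new "Condition" section says DSC skips the resource when `sshd` is not found in PATH, but the Requirements list rewritten in the next hunk only says OpenSSH server must be installed. A host with OpenSSH installed but `sshd` missing from PATH would be skipped rather than fail, so a hardening configuration could appear to succeed without touching `sshd_config`. Add the PATH requirement to Requirements and describe what the user sees in the output when the condition evaluates to false.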
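Review bot: In sshd_config/index.md, the rewritten "Properties" section shows PascalCase keys (`PermitRootLogin: 'no'`, `PasswordAuthentication: 'no'`), while manage-sshd-settings.md in this same series sends and receives lowercase keys (`permitrootlogin`, `passwordauthentication`). State whether property names are case-insensitive and which form `get` and `export` return, so readers can compare output against their input. The new schema also has an empty `properties` object with `"additionalProperties": true`, so it accepts any key; document what happens when a misspelled or unsupported directive is supplied, because schema validation will not reject it.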
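Review bot: In examples/configure-default-shell-powershell.md (PATCH 6/6), the added `ErrorAction = 'SilentlyContinue'` suppresses every error from `Remove-ItemProperty`, not only the case where `DefaultShell` is already absent. If the command runs without elevation, the access-denied error is hidden and the `DefaultShell` value under `HKLM:\SOFTWARE\OpenSSH` stays in place while the cleanup looks successful. Either check for the value first and remove it without suppression, or keep the suppression and add a follow-up step that confirms the value is gone.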