OpenSSH installation and use under Windows

OpenSSH is the open source version of the Secure Shell (SSH) tool used by administrators of Linux and other non-Windows systems to manage remote systems across platforms. OpenSSH was added to Windows in fall 2018 and is included in Windows 10 and Windows Server 2019.

SSH is based on a client-server architecture, where the system the user works on is the client and the remote system being managed is the server. OpenSSH includes a range of components and tools to provide a secure and simple method of remote system administration, including:

  • sshd.exe: It is the SSH server component that must be running on the remotely managed system
  • ssh.exe: It is the SSH client component that runs on the user's local system
  • ssh-keygen.exe: Generate, manage, and convert authentication keys for SSH
  • ssh-agent.exe: stores the private key for public key authentication
  • ssh-add.exe: add the private key to the server's allowed list
  • ssh-keyscan.exe: Helps collect public SSH host keys from many hosts
  • sftp.exe: This is the service that provides the Secure File Transfer Protocol and runs over SSH
  • scp.exe: is a file copy utility that runs over SSH


To install OpenSSH using PowerShell, first run PowerShell as an administrator. To make sure OpenSSH is available, run the following cmdlet:

Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

If neither has been installed, this operation should return the following output:

Name  : OpenSSH.Client~~~~
State : NotPresent

Name  : OpenSSH.Server~~~~
State : NotPresent

Then, install the server or client components as needed:

# Install the OpenSSH client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~

# Install OpenSSH server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

Both should return the following output:

Path          :
Online        : True
RestartNeeded : False

Start and configure

To start and configure the OpenSSH server for use, open PowerShell as an administrator, and run the following command to start the sshd service:

# start the sshd service
Start-Service sshd

# Set the sshd service to run automatically
Set-Service -Name sshd -StartupType 'Automatic'

# Check if the firewall has opened port 22
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue | Select-Object Name, Enabled)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."

connect to the server

Once installed, you can connect to the OpenSSH server from a Windows 10 or Windows Server 2019 device with the OpenSSH client installed using PowerShell, as shown below. Be sure to run PowerShell as administrator:

ssh username@servername

You can try to use the local connection test on the server, because the user name displayed by Windows may be inconsistent with the actual user name, so get the correct user name through net user to connect.

Once connected, you will receive a message like the following:

The authenticity of host 'servername (' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?

After selecting Yes, the server is added to a list of known SSH hosts on Windows clients. You will be prompted to enter your password at this point. As a security precaution, the password is not displayed as it is being typed.

Once connected, you will see the Windows command line interface prompt:

domain\username@SERVERNAME C:\Users\username>


# Uninstall the OpenSSH client
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~

# Uninstall OpenSSH server
Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~

If the service is in use when uninstalling, you may need to restart Windows later.

Original link: Developer Tools | 7Wate

Posted by SoberDude on Thu, 29 Sep 2022 05:12:09 +0300