Until recently, if you wanted to use SSH on Windows, you’d need to rely on third-party clients like PuTTY or install SSH server packages from similar sources.
However, the April 2018 update (version 1803) introduced OpenSSH as a built-in feature. As long as you’re running supported Windows versions, you can install the OpenSSH client and server components as optional features.
As such, we’ll cover the prerequisites, full steps to install OpenSSH using various methods, and how to get started with it in this article.
How to Install OpenSSH
Before you begin, you’ll want to ensure the following requirements are met:
Optional Features (GUI)
The easiest way to install OpenSSH on Windows is from the Optional Features page in Windows Settings.
PowerShell
If you want to be more efficient, you can also perform the same steps as above in an elevated PowerShell window.
GitHub (MSI)
If you downloaded theOpenSSH package from GitHub, you can install the components using the MSI Installer withmsiexec /i .
After installing the components, follow these steps toupdate the system PATH variable:
Now, you’re able to runGet-Service -Name ssh*in PowerShell to verify that the components were installed properly. If you also need to start the required services or open ports, please refer to either of the earlier sections for the steps.
Finally, if you want to use other methods like Winget or Chocolatey, we recommend checking out theOpenSSH wiki on GitHub. In addition to install instructions, it also has various usage examples and manuals that you might find useful.
OpenSSH Server Configuration
By default, the OpenSSH server (sshd) in Windows reads the configuration data from%programdata%\ssh\sshd_config. Numerous configuration options are listed in this file, but as the Windows implementation of OpenSSH is still fairly new, only certain configurations are supported at present.
We’ve listed some commonly made configuration changes below for reference. We recommend checking theOpenSSH server configuration guidefrom Microsoft orthe one on GitHubfor the full list of options. Also, don’t forget to restart the sshd service to apply any changes made.
Get Started With OpenSSH
You can use any of the methods listed above to set up another Windows system as an OpenSSH client, server, or both. And if you’re new to SSH, here are some basic steps to get started:
Password-based authentication is generally fine, but ideally, you should use even more secure authentication methods like Kerberos and SSH keys. For Kerberos, follow the steps listed below:
Authenticate With SSH Key
When connecting across domains, password-based authentication isn’t recommended as its vulnerable to brute forcing. Instead, you should use public key authentication. This uses cryptographic algorithms to generate one public and one private key file.
A user’s public key is stored on the SSH server, and it’s compared with the client-side private key for authentication. As long as the private key is protected properly, this authentication method is much more secure.
You’ll need to generate the key pair on the client system, create an authorized keys file on the server, and store the client’s public key in this file. To do this, start with the following steps on the server system:
Now, launch anElevated PowerShell windowon the client system and follow these steps:
Troubleshooting Common Errors
SSH Errors likePort 22 Connection Refused, or Connection Timed Out are pretty common. If you followed the steps from this article, basic steps like ensuring the SSH services are running, restarting them, allowing SSH traffic through the firewall, adding SSH to system PATH, etc., will already be covered.
In addition to these, here are some more troubleshooting steps worth trying:
