Skip to main content This browser is no longer supported. Show
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Get started with OpenSSH for Windows
In this article
OpenSSH is a connectivity tool for remote sign-in that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks. An OpenSSH-compatible client can be used to connect to Windows Server and Windows client devices. Important If you downloaded the OpenSSH beta from the GitHub repo at PowerShell/Win32-OpenSSH, follow the instructions listed there, not the ones in this article. Some information in the Win32-OpenSSH repository relates to prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided there. PrerequisitesBefore you start, your computer must meet the following requirements:
Prerequisites checkTo validate your environment, open an elevated PowerShell session and do the following:
Install OpenSSH for Windows
Both OpenSSH components can be installed using Windows Settings on Windows Server 2019 and Windows 10 devices. To install the OpenSSH components:
Once setup completes, return to Apps and Optional Features and you should see OpenSSH listed. Note Installing OpenSSH Server will create and enable a firewall rule named To install OpenSSH using PowerShell, run PowerShell as an Administrator. To make sure that OpenSSH is available, run the following cmdlet:
The command should return the following output if neither are already installed:
Then, install the server or client components as needed:
Both commands should return the following output:
To start and configure OpenSSH Server for initial use, open an elevated PowerShell prompt (right click, Run as an administrator), then run the
following commands to start the
Connect to OpenSSH ServerOnce installed, you can connect to OpenSSH Server from a Windows or Windows Server device with the OpenSSH client installed. From a PowerShell prompt, run the following command.
Once connected, you get a message similar to the following output.
Entering yes adds that server to the list of known SSH hosts on your Windows client. At this point, you'll be prompted for your password. As a security precaution, your password won't be displayed as you type. Once connected, you'll see the Windows command shell prompt:
Uninstall OpenSSH for Windows
To uninstall OpenSSH using Windows Settings:
To uninstall the OpenSSH components using PowerShell, use the following commands:
You may need to restart Windows afterwards if the service was in use at the time it was uninstalled. Next stepsNow that you've installed OpenSSH Server for Windows, here are some articles that might help you as you use it:
FeedbackSubmit and view feedback for Which secured Tunnelling protocol might be able to cross firewalls where IPsec is blocked?Which secured tunneling protocol might be able to cross firewalls where IPsec is blocked? - OpenVPN, is an open-source VPN protocol that uses a custom security protocol called OpenSSL for encryption. OpenVPN has the ability to cross many firewalls where IPsec might be blocked.
Which current protocol is used to create secure transmissions for HTTP browsing sessions?TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet. It is mostly familiar to users through its use in secure web browsing, and in particular the padlock icon that appears in web browsers when a secure session is established.
What organization issues digital certificates for websites?Digital certificates are issued by Certificate Authorities (CAs). Organizational Registration Authorities (ORAs) authenticate the identity of a certificate holder before issuing a certificate to them.
Which port must be open for RDP traffic to cross a firewall?Remote Desktop Protocol (RDP) is a Microsoft proprietary protocol that enables remote connections to other computers, typically over TCP port 3389.
|