Get started with OpenSSH for Windows

Applies to: Windows Server 2022, Windows Server 2019, Windows 11, Windows 10

OpenSSH is a connectivity tool for remote sign-in that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.

An OpenSSH-compatible client can be used to connect to Windows Server and Windows client devices.

Important

If you downloaded the OpenSSH beta from the GitHub repo at PowerShell/Win32-OpenSSH, follow the instructions listed there, not the ones in this article. Some information in the Win32-OpenSSH repository relates to prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided there.

Prerequisites

Before you start, your computer must meet the following requirements:

  • A device running at least Windows Server 2019 or Windows 10 (build 1809).
  • PowerShell 5.1 or later.
  • An account that is a member of the built-in Administrators group.

Prerequisites check

To validate your environment, open an elevated PowerShell session and do the following:

  • Type winver.exe and press enter to see the version details for your Windows device.

  • Run $PSVersionTable.PSVersion. Verify your major version is at least 5, and your minor version at least 1. Learn more about installing PowerShell on Windows.

  • Run the command below. The output shows True when you're a member of the built-in Administrators group.

    (New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    

Install OpenSSH for Windows

To install the OpenSSH components on Windows 10 devices:

  1. Open Settings, select System, then select Optional Features.

  2. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:

    • Find OpenSSH Client, then select Install
    • Find OpenSSH Server, then select Install
  3. Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)

  4. In the details pane, double-click OpenSSH SSH Server.

  5. On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok.

  6. To start the service, select Start.

To install the OpenSSH components on Windows 11 devices:

  1. Open Settings, select System, then select Optional Features.

  2. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select View Features, then:

    • Search for OpenSSH Client, select Next, then select Install
    • Search for OpenSSH Server, select Next, then select Install
  3. Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)

  4. In the details pane, double-click OpenSSH SSH Server.

  5. On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok.

  6. To start the service, select Start.

To install the OpenSSH components on Windows Server devices:

  1. Open Settings, select System, then select Optional Features (also referred to as Manage optional features).

  2. Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:

    • Search for OpenSSH Client, then select Install
    • Search for OpenSSH Server, then select Install
  3. Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)

  4. In the details pane, double-click OpenSSH SSH Server.

  5. On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok.

  6. To start the service, select Start.

Note

Installing OpenSSH Server will create and enable a firewall rule named OpenSSH-Server-In-TCP. This allows inbound SSH traffic on port 22. If this rule is not enabled and this port is not open, connections will be refused or reset.

Connect to OpenSSH Server

Once installed, you can connect to OpenSSH Server from a Windows or Windows Server device with the OpenSSH client installed. From a PowerShell prompt, run the following command.

ssh domain\username@servername

Once connected, you get a message similar to the following output.

The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?

Entering yes adds that server to the list of known SSH hosts on your Windows client.

At this point, you'll be prompted for your password. As a security precaution, your password won't be displayed as you type.

Once connected, you'll see the Windows command shell prompt:

domain\username@SERVERNAME C:\Users\username>

Uninstall OpenSSH for Windows

To uninstall OpenSSH using Windows Settings:

  1. Open Settings, select System, then select Optional Features (also referred to as Manage optional features).
  2. In the list, select OpenSSH Client or OpenSSH Server.
  3. Select Uninstall.

You may need to restart Windows afterwards if the service was in use at the time it was uninstalled.

Next steps

Now that you've installed OpenSSH Server for Windows, here are some articles that might help you as you use it: