Get started with OpenSSH for Windows
Applies to: Windows Server 2022, Windows Server 2019, Windows 10 (build 1809 and later)
OpenSSH is a connectivity tool for remote sign-in that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.
An OpenSSH-compatible client can be used to connect to Windows Server and Windows client devices.
If you downloaded the OpenSSH beta from the GitHub repo at PowerShell/Win32-OpenSSH, follow the instructions listed there, not the ones in this article. Some information in the Win32-OpenSSH repository relates to prerelease product that may be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided there.
Before you start, your computer must meet the following requirements:
- A device running at least Windows Server 2019 or Windows 10 (build 1809).
- PowerShell 5.1 or later.
- An account that is a member of the built-in Administrators group.
To validate your environment, open an elevated PowerShell session and do the following:
Type winver.exe and press enter to see the version details for your Windows device.
$PSVersionTable.PSVersion. Verify your major version is at least 5, and your minor version at least 1. Learn more about installing PowerShell on Windows.
Run the command below. The output will show
Truewhen you're a member of the built-in Administrators group.
Install OpenSSH for Windows
Both OpenSSH components can be installed using Windows Settings on Windows Server 2019 and Windows 10 devices.
To install the OpenSSH components:
Open Settings, select Apps, then select Optional Features.
Scan the list to see if the OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:
- Find OpenSSH Client, then select Install
- Find OpenSSH Server, then select Install
Once setup completes, return to Apps and Optional Features and confirm OpenSSH is listed.
Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)
In the details pane, double-click OpenSSH SSH Server.
On the General tab, from the Startup type drop-down menu, select Automatic.
To start the service, select Start.
Installing OpenSSH Server will create and enable a firewall rule named
OpenSSH-Server-In-TCP. This allows inbound SSH traffic on port 22. If this rule is not enabled and this port is not open, connections will be refused or reset.
Connect to OpenSSH Server
Once installed, you can connect to OpenSSH Server from a Windows or Windows Server device with the OpenSSH client installed. From a PowerShell prompt, run the following command.
Once connected, you get a message similar to the following output.
The authenticity of host 'servername (10.00.00.001)' can't be established. ECDSA key fingerprint is SHA256:(<a large string>). Are you sure you want to continue connecting (yes/no)?
Entering yes adds that server to the list of known SSH hosts on your Windows client.
At this point, you'll be prompted for your password. As a security precaution, your password won't be displayed as you type.
Once connected, you'll see the Windows command shell prompt:
Uninstall OpenSSH for Windows
To uninstall OpenSSH using Windows Settings:
- Open Settings, then go to Apps > Apps & Features.
- Go to Optional Features.
- In the list, select OpenSSH Client or OpenSSH Server.
- Select Uninstall.
You may need to restart Windows afterwards if the service was in use at the time it was uninstalled.
Now that you've installed OpenSSH Server for Windows, here are some articles that might help you as you use it:
- Learn more about using key pairs for authentication in OpenSSH key management
- Learn more about the OpenSSH Server configuration for Windows
Submit and view feedback for