Puget Systems print logo
Read this article at https://www.pugetsystems.com/guides/1470
Dr Donald Kinghorn (Scientific Computing Advisor )

How To Use SSH Client and Server on Windows 10

Written on May 31, 2019 by Dr Donald Kinghorn


Secure Shell (ssh) is a standard tool included on most "network" operating systems i.e. Linux, UNIX, MacOS, etc.. In the past Windows required a 3rd party application to get even a usable ssh client. For users who needed to connect securely to the rest of the world with a command line interface PuTTY has been a common addition. After several decades Microsoft finally has a native ssh client AND server on Windows! Both the client and server are standard (and in stable versions) on Windows 10 since the 1809 "October Update".

For a developer or researcher it's not unusual to be working with several machines at the same time. Connecting remotely to servers or other workstations in a mixed OS environment is a common need. You can now connect from a Windows 10 system to Linux servers or workstations easily and you can go the other direction too. You can "ssh into" a Windows 10 machine from Linux or other Windows machines. For me personally this kind of connectivity is essential. I may be using 3 or 4 different machine at the same time and I always have several terminal's open. I typically work with Linux and Windows 10 (locally or remotely) at the same time. The interoperability between Linux and Windows 10 has become very good.

This post is a setup guide and introduction to ssh client and server on Windows 10. I'm doing this partly as a reference for other posts that I'll be doing where this functionality will be utilized.

I am not going to cover much detail about using ssh. If ssh is new to you then note that Microsoft ssh is a native port of the widely used standard OpenSSH client and server. That means that most information about using ssh that you find online will apply even though those sources will likely be references from Linux, UNIX or MacOS. The official documentation for components of OpenSSH is the standard reference. The Windows Server documentation has a section titled "OpenSSH in Windows"

The normal suite of of functions are included with the Windows 10 port,

  • ssh.exe, which is the SSH client used from the user's local system
  • sshd.exe, which is the SSH server that accept connections from other systems
  • ssh-keygen.exe generates, manages and converts authentication keys for SSH
  • ssh-agent.exe stores private keys used for public key authentication
  • ssh-add.exe adds private keys to the list allowed by the server
  • ssh-keyscan.exe aids in collecting the public SSH host keys from a number of- hosts
  • sftp.exe is the service that provides the Secure File Transfer Protocol, and- runs over SSH
  • scp.exe is a file copy utility that runs on SSH

The user applications that you will use most frequently are; ssh (secure shell), for connecting to other systems, and scp (secure copy) for for copying files and directories back and forth with remote systems.

Enable ssh and ssh server on Windows 10

I am using a fresh install of Windows 10 Pro 1903. I have done this on Windows 10 Home too.

The simplest way to setup ssh and ssh server is to use PowerShell. After all you do want to use the command-line, right?

You need administrator privileges to enable services so open Powershell as Administrator, (right click on the Powershell icon in the application menu)

powershell as admin

The following command will show you the name and state of OpenSSH on your system,

Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

You should see something like,

Name : OpenSSH.Client~~~~
State : Installed

Name : OpenSSH.Server~~~~
State : NotPresent

That is telling you that the ssh client is installed. (It's ready to use by default in recent Windows 10 builds.) The server is not setup yet.

Add the OpenSSh server component,

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~

That command will download the server component and install it. Output will look like,

Path :
Online : True
RestartNeeded : False

Note: If for some reason your systems showed "NotPresent" for the client too then you would do the same command above but using "OpenSSH.Client~~~~"

You now have the ssh server installed but it is not running. The next command will start the service,

Start-Service sshd

That will start silently. You can see that it is running with Get-Service,

PS C:Windowssystem32> Get-Service sshd

Status Name DisplayName
------ ---- -----------
Running sshd OpenSSH SSH Server

You could stop it with, you guessed it, "Stop-Service sshd"

Note: the name of the ssh server application is "sshd". This is a typical naming convention from UNIX. The "d" means "daemon". Services in Linux/UNIX are called daemons. Now you understand the meaning of the BSD UNIX mascot "Beastie" which you may have seen before.

In order to avoid having to manually start sshd you can do the following to have it start on boot.

Set-Service -Name sshd -StartupType 'Automatic'

The last thing to check is the firewall setting for sshd. It by default uses the port number 22. Enabling the service automatically created the following firewall rules,

PS C:Windowssystem32> Get-NetFirewallRule -Name *ssh*

Name                  : OpenSSH-Server-In-TCP
DisplayName           : OpenSSH SSH Server (sshd)
Description           : Inbound rule for OpenSSH SSH Server (sshd)
DisplayGroup          : OpenSSH Server
Group                 : OpenSSH Server
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

Note: If you enable sshd you are creating an "open port" for port 22. (Otherwise you wouldn't be able to connect to it.) If your system is exposed to the outside world then that might bother you. You can do things to tighten up security like disallowing passwords and requiring only "public-key" access. I'm not going to cover any of that here. If you are on a private LAN you don't have too much to worry about, but always be security conscious and use good passwords!

Now that you have the server up and running you should close the Powershell that you were running as Administrator. Start another Powershell as your normal user for the examples below.

Using ssh on Windows 10

Now the fun stuff.

The basic connection command (on any OS) for ssh looks like,

ssh user-name-on-remote-sys@ip-address-of-remote-sys

If your user name on the system you are connecting from is the same as your user name on the system you are connecting to, then you can leave out the "user-name-on-remote-sys@" part. There are a lot of options for ssh, to dig deeper look at the docs

If you are on a network with "name resolution i.e. DNS" then you can use the name for the machine rather than it's ip address.

ssh from Windows 10 to Linux

For this example I'll go through the details you see when connecting to a Linux machine. I'm using Powershell on Windows 10.

The following shows my Powershell command prompt with my user name "don". I'm connecting to one of my Linux systems on a local network. My user name is "kinghorn" on that machine.

PS C:Usersdon> ssh kinghorn@

When you first connect to a machine that you haven't accessed before you will see something like,

The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:(a bunch of stuff...).
Are you sure you want to continue connecting (yes/no)? yes

Saying "yes" adds a key entry to your ".sshknown_hosts" file. The next time you connect ssh will check that key and will either silently connect or give you a scary message if the key doesn't match. [A key mismatch can happen if you reinstall the remote system and it still has the same ip address. It will have a new ssh key. To fix that you will need to remove the old key from the "known-hosts" file.]

After your first connection with ssh look in your user directory and you should see a new directory named .ssh There is a lot of configuration options that can be set in various files in that directory but you usually don't need to do anything in there unless you start doing "public key exchange" for connecting to systems securely without passwords.

ssh directory

Here's an example Powershell session "ssh-ing" into a Linux system,

PS C:\Users\don> ssh kinghorn@
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:(a bunch of stuff...).
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '' (ECDSA) to the list of known hosts.

kinghorn@'s password:
Welcome to Ubuntu 19.04 (GNU/Linux 5.0.0-15-generic x86_64)

then a long default login message from Ubuntu...

Last login: Tue May 28 09:27:03 2019 from

kinghorn@U19:~$ ls
anaconda3  bin  Desktop  Documents  Downloads  Music  Pictures  projects  Public  snap  Templates  tmp  Videos

From there I am securely connected to my Linux system with a command prompt ready for what ever I need to do.

ssh From Linux to Windows 10

Since we have the OpenSSH server running on the Windows 10 system we can ssh into that now too.

You might not think you wouldn't do that much but I actually do that fairly often. Right now I have 3 Windows 10 machines running and 3 Linux machines including one at a remote location that I am doing testing on. I can connect from any of these machines to any other with ssh. I am writing this post on a Linux machine and I just used the "scp" command (part of the ssh bundle) to copy a directory of screen shots from a Windows 10 machine here. And, I didn't even have to go near the Windows machine to do that.

Here is a session where I log into my Windows 10 laptop from an Ubuntu 19.04 machine.

When you connect to the ssh server on Windows 10 you are given a CMD shell (the old DOS like shell). From there I started Powershell and then started bash on Ubuntu 18.04 using WSL (Windows Subsystem for Linux). The interoperability between Windows 10 and Linux is getting very good!

kinghorn@U19:~$ ssh don@
don@'s password: 

Microsoft Windows [Version 10.0.17763.529]
(c) 2018 Microsoft Corporation. All rights reserved.

don@DLAP C:Usersdon>powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:Usersdon> bash

Note: On that laptop I am using a Microsoft account so my password was for that account.

ssh from Windows 10 to Windows 10

This works the same as any other combination of OS's. From Windows 10 you can use Powershell or CMD to run ssh. [If you have WSL installed you can use that too.] By default when you ssh to a Windows 10 machine you will login to CMD, it doesn't matter what you use to connect from.

In this example I am connecting to the the Windows 10 machine that I used for the ssh setup testing. I'm connecting from the laptop I connected to in the example above. (I'm not anywhere near that laptop.)

don@DLAP C:Usersdon>ssh don@

Microsoft Windows [Version 10.0.18362.116]
(c) 2019 Microsoft Corporation. All rights reserved.

don@DESKTOP-Q36DH26 C:Usersdon>

No big surprises here, it just works. It's basically the same connecting from any OS to another. The main difference is the "shell" command that you connect from and the shell you connect to.

scp Secure Copy

One of the most useful tools in the ssh suite is "scp". This gives you a simple to use encrypted remote copy capability. It uses ssh as a "tunnel" for the copy.

The basic usage of scp for a single file copy to a remote machine is

scp file1  username@machine-ip:path-to-directory

The important thing to note here is that after "machine-ip" ( : ) is the top level directory of the machine. The path-to-the directory should use the syntax of the machine you are connecting to i.e. for Linux the directory separator is (/) for Windows it's (). Also, on Linux (~) is shorthand for the login users home directory. Connecting to windows you have to give the full path. And, on Linux when accessing Windows you have to quote (") the username and path because of the backslashes.

To copy a file from a remote machine to your local machine it's,

scp  username@machine-ip:path-to-file(/or)file1 path-to-directory-on-local-machine 

You can use dot (.) to indicate the current directory on the local machine.

To copy directories use, -r (recursive)

scp -r director-on-local-machine username@machine-ip:path-to-directory


scp -r  username@machine-ip:path-to-remote-directory  path-to-directory

That may be confusing so here are some real examples.

Copy a directory named "ssh-images" from Windows 10 to Linux starting on the Windows machine with Powershell.

PS C:Usersdon> scp -r ssh-images kinghorn@

That put the ssh-images in "tmp" in my Linux home directory.

Now the same thing but starting from the Linux machine (using dot (.) for the current directory)

scp -r "don@" .

Note the full path and quotes.


I hope this guide is helpful to both Windows and Linux users who want better interoperability. I also hope this is encouraging for user who may have never used ssh. I think it's great how easy it is getting to be to work productively in a mixes OS environment. Microsoft, much to their credit, keeps making Windows more useful for mixed environments. I'm looking forward to the terminal application they will have out soon and to the release of WSL2. With those 2 application in place windows will be nicely interoperable and will be much improved as a solid developers system.

One of the main reasons I wrote this post is because I want to refer to it in a post about using Python Jupyter notebooks remotely between machines with different OS's. Expect to see that post soon. I may also write about using WSL and an Xwindow server on Windows 10.

Happy computing! --dbk @dbkinghorn

Looking for a
Scientific Compute System?

Do you have a project that needs serious compute power, and you don't know where to turn? Puget Systems offers a range of HPC workstations and servers tailored for both CPU and GPU workloads.

Why Choose Puget Systems?

Built specifically for you

Rather than getting a generic workstation, our systems are designed around your unique workflow and are optimized for the work you do every day.

Fast Build Times

By keeping inventory of our most popular parts, and maintaining a short supply line to parts we need, we are able to offer an industry leading ship time.

We're Here, Give Us a Call!

We make sure our representatives are as accessible as possible, by phone and email. At Puget Systems, you can actually talk to a real person!

Lifetime Support/Labor Warranty

Even when your parts warranty expires, we continue to answer your questions and even fix your computer with no labor costs.

Click here for even more reasons!

Puget Systems Hardware Partners

Tags: Windows 10, ssh, Linux, ssh server
Emmanuel Lopez Torres

Bless your soul. I went two weeks looking for SSH solutions and this was straight to the point. Thank you.

Posted on 2019-10-18 17:00:47
Phillip Walker

Amazing after all my hours of searching and failed attempts by trying advice from other sites (and almost giving up as half of the sites say it is not possible), you actually have a working solution for Windows 10 Home. Thank you!

Posted on 2019-11-28 10:37:11
Barney Barnes

This is a lucid, well-written post. But my problem is that, while I can ssh from my kali box over the LAN, the password(s) are NOT accepted when I try to ssh over the internet to my domain. I am absolutely certain my domain is pointed to my windows box and the OpenSSH server answers by presenting the password prompts. Do you have any idea what is causing this? Thanks.

Posted on 2019-12-07 20:20:34
Donald Kinghorn

the first thing that comes to mind is "username" I have different user names in my Linux and Windows accounts. If you don't specify the username to ssh then it defaults to your current user ... which may be different from your username on the machine you are trying to connect to. You can use
ssh name@192..... or ssh -u name 192.....

If your domainname is public you could also be hitting a firewall rule. On Win ssh LAN connections are allowed but I'm not sure about Public WAN (that should be blocked by default) ... but I would think you would not get a prompt in this case

It could even be a ssh-config problem like "strict host checking" or something ??? Win10 has a hosts file and you could try adding an entry there C:\Windows\System32\drivers\etc\hosts You will probably have to run an editor "as Administrator" to edit it.

It's hard to say for sure. You will have to do some network debugging ... Try the "name" thing first! I get caught by that quite often :-)

Posted on 2019-12-09 16:58:46
Barney Barnes

Ok thanks for your prompt response. Problem was solved earlier. My Pioneer FW required me to specify port 22 instead of a blanket open of all the tcp ports. BTW since your articles are articulate, do you have any interest in trojan technology? I ask this because I have developed a library of windows trojans which can be deployed via github and powershell.

Posted on 2019-12-09 18:01:25
Barney Barnes

Sorry about this. I didn't really want to advertise that even though your website is not exactly well-travelled. Would you please remove it? If you want to pursue the topic further, direct me an email address. Thanks.

Posted on 2019-12-09 19:23:23
Donald Kinghorn

Got you covered on the other part of this comment thread ... best wishes --dbk

Posted on 2019-12-09 20:13:56
Evan Cooch

Superb and thorough review - thanks! I found the step-by-step instructions, clear, and accurate. Was wondering if there is an easy way with WIn 10's implementation of openSSH to change the default port? For example, on my other machines (which run either GNU/Linux, or Win 7 with the Cygwin sshd as a service), I use a non-standard port (say 2234). On a Linux box this might be in /etc/ssh/sshd_config, or in the /etc/hosts file for Cygwin. Any such options using Windows 10's 'native' sshd?

p.s. I'll be trying this at some point in the near future on a couple of different Puget systems ;-)

Posted on 2019-12-26 21:24:42
Evan Cooch

Figured it out. The challenge (verging on nuisance) is that the MS incarnation of openSSH bundles a sshd_config_default that is not 'editable' -- it points at port 22, and at first attempt, you think you're stuck (you can't even 'advance permissions' your way around it). But....I realized that openssh is writing things out to the hidden \programdata subdirectory, and sure enough, in said subdir, there is a copy of sshd_config that the server is actually generating and using. It is admin writable, so, edit it, point it at whatever port you want, open up said port in the WIndows firewall, and it works perfectly.

Posted on 2019-12-28 12:48:52
Donald Kinghorn

Hi Evan, Thanks for posting that! I hadn't seen your question ... I'm glad you found that. I haven't tried to change any defaults but, yes, changing the port is something I need to do sometimes too.

Posted on 2019-12-30 17:01:14
Evan Cooch

Sure. Turns out that if you read the MS documentation (https://docs.microsoft.com/..., you'll find reference to the %ProgramData% location for the active/working sshd_config. You'll also see that MS's version of openSSH is 'different' than the standard versio (in that some options don't work, or are hard-wired in...).

Posted on 2019-12-30 17:16:07
pardeep makkar

This is a good guide for new users also. I am able to connect via ssh now. But what about ssh -X? How one would be able to connect to display?

Posted on 2020-05-14 14:45:27
Donald Kinghorn

If you install an X server on Windows it should work. I use VcXsrv https://sourceforge.net/pro... I have used that to connect X applications from WSL to the desktop too :-) X usually works OK but occasionally you have to fight with DISPLAY env or permissions

I'll warn you that remote openGL graphics is painful. I periodically get it working. I don't use it enough to maintain it and every time I try to do something I have to struggle with it.

Posted on 2020-05-14 15:32:44
pardeep makkar

Thanx for the quick reply. Okay i have downloaded the same. And configured it. But still confused how to use it.

Posted on 2020-05-14 16:40:13
Donald Kinghorn

X is annoying on Windows sometimes because it's not native (X is annoying in general :-)
There are things that have to be present (and found) on the server (i.e. your windows machine where the X-server is) ... there is xauth and the DISPLAY environment variable problems.

The easiest thing to do is use the "launch" panel for VsXsrv ... look in your application menu for VsXsrv and click on that, a panel will come up that will walk you through setting up a connection config. For example I tested it just now by adding a config for opening mate-terminal that is on an Ubuntu MATE desktop system I have running. (you need the ip address and login info and proper name of the application of course) That worked fine. The terminal started up on Windows desktop and worked as expected. It didn't have it's theme active that I normally use because that config is back on the Ubuntu sys but it worked as expected.

Really X is probably something you wont use that much. ??

Just FYI, If you haven't tried it yet the new MS terminal app is pretty nice and it will use PowerShell, CMD and bash shells from WSL ... pretty useful term app!

Where I did use X on Windows years ago was for launching Matlab and a few other programs that were running on UNIX servers hosted with site licenses of a University ... where I was a researcher :-)

Posted on 2020-05-15 16:17:33
pardeep makkar

X is actually much needed for me as I am also a researcher :-). Was trying that you suggested But some confusions. While configuring username and password is fine but what would be the remote program, connect to computer and Private key?

Posted on 2020-05-16 06:00:29
Donald Kinghorn

the remote program is the name of the executable you are trying to use (the real file name of the executable on your PATH on the remote machine ) the private key entry is if you are using an ssh key instead of a password to connect to the remote machine

Posted on 2020-05-18 15:30:58

Have you tried to connect using public/private key exchange instead user/password?
I haven't succeeded yet - may be a permission problem on the authorized_keys file or the .ssh directory.
All the rest worked beautifully, thank you!

Posted on 2020-05-22 14:38:10
Donald Kinghorn

you may be right on about the perms on the authorized_keys file. On linux it should be something like chmod 600

I just tried setting up key exchange from my Win laptop to a Linux box. did ssh-keygen -t rsh on the windows side and then logged into the Linux sys with password and manually copied the pub key into an authorized_keys file and did a chmod 600 on it. Worked as expected.

However, I think there are some gotcha's (other than the usual :-) I read something that if you are adding a key to a Windows sys and the user account you are accessing has admin privilege the the keys don't go into the users .ssh/authorized_keys file but some higher level sys dir ???? ... I'm not sure about that!

Posted on 2020-05-22 17:36:04
Donald Kinghorn

also, I tried to fix those missing \'s but our blog editor stripped them out even with escapes :-)

Posted on 2020-05-22 19:49:47

Annoying that \ is OK in the comments, but not the main article. Ah, the tools, the tools. :-\
I prefer Unixey file systems, chmod is easier to grok.

Posted on 2020-05-26 21:43:40

Hi Dr Donald Kinghorn,

I have an issue:

I have windows 10 home machine and I got the windows 10 education key for free (student account) from Microsoft and thus enabled Remote desktop.
I installed OpenSSH client and server in my App>optional features.

I have 2 fedora VMs on this host using a virtual box 6.1. These 2 VMs are having 2 adapters each: NAT, Host only.

The IPs are as follows:

I am able to ping any IP from any IP.

Also, I did completely exactly your "Enable ssh and ssh server on Windows 10" section.

But, when I try the below command, I get the error:

PS C:\> ssh root@
ssh: connect to host port 22: Connection refused

Can you please help me? I am trying to SSH from host to VMs.


Posted on 2020-08-27 20:37:14
Donald Kinghorn

ssh to root is by default not allowed these days. It's generally expected that you will ssh to a user account and then su to root (or use sudo)
But, there are times when you really do want ssh to root! Like doing a small cluster setup on a private network for example.

You need to enable root login in /etc/ssh/sshd_config. You'll need to login on the console and then edit that file as root. Look for the line with PermitRootLogin. Uncomment it (if it has a # in front of it) and set it to yes

PermitRootLogin yes

and then do a service sshd restart

I don't know if Fedora will be locked down any further than that ?? There might be something about allowing root to login with a password. It's a good idea to generate key pairs too ... look up documentation about ssh-keygen and password-less login. Best wishes --Don

Posted on 2020-08-27 21:57:35
mahdi safari

hello sir
my case is kinda like this one instead when i connect to my host from my ubuntu server in vm when i run VBoxManage list runningvms it shows nothing which means that there is no vms runnings
and when i run VBoxManage list vms it shows correct vms.
this is a problem because when i try to shutdown or start a vm via my loadbalancer vm in a cloud project i cannot handle the automatic scaling.
i really need your help

Posted on 2021-02-04 11:46:03

Fantastic article. Followed all the steps in less than 3 minutes thanks to your dummy-friendly wording and instructions!

Posted on 2020-10-20 04:24:20

Let's say I got paranoid about having port 22 open to the world, how could I then be sure that I close it and it remains closed? Would it be enough to simply run "Stop-Service sshd" and then uninstall OpenSSH.Server?

Posted on 2020-10-23 21:42:21
Luca Guarro

Let's say I got paranoid about having port 22 open to the world, how could I then be sure that I close it and it remains closed? Would it be enough to simply run "Stop-Service sshd" and then uninstall OpenSSH.Server?

Posted on 2020-10-23 21:42:56
Donald Kinghorn

That's a good question. I'm not very skilled with Window firewall configuration but you should be able to block the port there. Also, if Windows is doing the right thing then it should close the port when you stop the service too. (or it just wont matter because nothing is listening there anymore) Likewise, uninstalling the Server should close the port. But don't take my word for this! I only use Windows on a LAN behind a firewall so I don't usually mess with the Win 10 firewall.

Posted on 2020-10-26 21:52:43

Thanks for the tips, Dr Donald!

I believe these are the best options you can try:

-Bitvise SSH Client
-Windows Terminal (Cross Platform)
-Windows Subsystem for Linux

And these was discuss through the mini-course at tinyurl.com/sshclientcourse

Posted on 2020-12-29 02:48:03