The built-in SSH client appeared in Windows 10 and Windows Server 2019.
Ssh.exe can be used to securely connect to Linux/UNIX servers, VMWare ESXi hosts and other devices instead of Putty, MTPuTTY and other third-party SSH clients. The native Windows SSH client is based on the OpenSSH port and is preinstalled in Windows starting from Windows 10 build 1809.
How to Enable (Install) the OpenSSH Client on Windows 10?
The OpenSSH client is included in Windows 10 Features on Demand (like RSAT). The SSH client is installed by default on Windows Server 2019, Windows 10 1809 and newer builds.
Check that the SSH client is installed:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Client*'
In our example, the OpenSSH client is installed (State: Installed).
If not (State: Not Present), you can install it using:
- The PowerShell command:
Add-WindowsCapability -Online -Name OpenSSH.Client*
- With DISM:
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
- Via Settings -> Apps -> Optional features -> Add a feature. Find OpenSSH client in the list and click Install.
OpenSSH binary files are located in
ssh.exe– the SSH client executable;
scp.exe– tool for copying files in an SSH session;
ssh-keygen.exe– tool to generate RSA SSH authentication keys;
ssh-agent.exe– used to manage RSA keys;
ssh-add.exe– adds a key to the SSH agent database.
You can install OpenSSH on previous Windows versions as well: just download and install the Win32-OpenSSH from GitHub (you can find an example in the article: Configuring SSH FTP on Windows).
Using a Native SSH Client on Windows 10
To start the SSH client, run the PowerShell or cmd.exe prompt. You can list the available options and syntax for ssh.exe:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [[email protected]]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command]
In order to connect to a remote server using SSH, use the following command:
If your SSH server is running on a port different from the standard TCP/22, specify the port number:
ssh [email protected] -p port
For example, to connect to a Linux host with the IP address 192.168.1.102 as root, run this command:
At the first connection, you will see a request to add the host key to the trusted list. Type
yes and press ENTER. Then the host key fingerprint is added to the C:\Users\username\.ssh\known_hosts file.
You will be prompted for a password. Specify your root password, and your remote Linux server’s console should open.
Using SSH, you can connect both to *Nix OSs and Windows. In one of the previous posts, we showed how to configure an OpenSSH server in Windows 10 and connect to it from a Windows host using an SSH client.
If you use the SSH authentication with RSA keys (see an example on how to configure SSH authentication using keys in Windows), you can specify a path to the private key file in your SSH client as follows:
ssh [email protected] -i "C:\Users\username\.ssh\id_rsa"
You can also add a private key to SSH-Agent. First, enable the ssh-agent service and configure automatic startup for it.
set-service ssh-agent StartupType 'Automatic'
Add your private key to the ssh-agent database:
Then you will be able to connect to your server over SSH without specifying the path to the RSA key. It will be used automatically. Now you can securely connect to your server without a password (if you have not protected your RSA key with a different password):
Here are some more useful SSH arguments:
-C– used to compress traffic between client and server (it is useful in case of slow or unstable connections)
-v– displays detailed information about all SSH client actions
-R/-L– can be used to forward ports using an SSH tunnel
Using SCP.exe to Transfer Files to/from Windows Host Using SSH
Using the scp.exe tool (is a part of Windows 10 SSH client package), you can copy a file from your computer to the SSH server:
scp.exe "E:\ISO\CentOS-8.1.x86_64.iso" [email protected]:/home
You can copy all directory contents recursively:
scp -r E:\ISO\ [email protected]:/home
And vice versa, you can transfer a file from a remote server to your computer:
scp.exe [email protected]:/home/CentOS-8.1.x86_64.iso c:\iso If you configure authentication using RSA keys, you won’t be prompted to enter your password to transfer files. This is useful if you want to configure automatic scheduled file copying.
Thus, you can connect to SSH servers directly from your Windows 10, copy files using scp without any other third-party apps or tools.