OpenSSH is a connectivity tool for remote sign-in that uses the SSH protocol. It encrypts all traffic between client and server to eliminate eavesdropping, connection hijacking, and other attacks.
An OpenSSH-compatible client can be used to connect to Windows Server and Windows client devices.
Important
If you downloaded the OpenSSH beta from the GitHub repo at PowerShell/openssh-portable, follow the instructions listed there, not the ones in this article. Some information in the Win32-OpenSSH repository relates to prerelease product that might be substantially modified before it's released. Microsoft makes no warranties, express or implied, with respect to the information provided there.
Prerequisites
Before you start, your computer must meet the following requirements:
A device running at least Windows Server 2019 or Windows 10 (build 1809).
PowerShell 5.1 or later.
An account that is a member of the built-in Administrators group.
Prerequisites check
To validate your environment, open an elevated PowerShell session and do the following:
Enter winver.exe and press Enter to see the version details for your Windows device.
Run $PSVersionTable.PSVersion. Verify your major version is at least 5, and your minor version at least 1. Learn more about installing PowerShell on Windows.
To check whether you're an administrator, run the following command. The output shows True when you're a member of the built-in Administrators group.
(New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Enable OpenSSH Server
Beginning with Windows Server 2025, OpenSSH is now installed by default. You can also enable or disable the sshd service in Server Manager.
To enable SSHD using Server Manager:
In Server Manager, on the navigation pane to the left, select Local Server.
In the Properties window, locate Remote SSH Access.
Select Disabled to enable the OpenSSH service.
Note
If you need to allow or restrict specific users or groups from using OpenSSH for remote access, add them to the OpenSSH Users user group.
Install OpenSSH Server & Client
To install the OpenSSH components on Windows Server devices:
Select Start, type Optional Features in the search box, then select Add an optional feature.
Scan the list to see if OpenSSH is already installed. If not, at the top of the page, select View features, then:
Search for and select OpenSSH Client, select Next, then Install
Search for and select OpenSSH Server, select Next, then Install
Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)
In the details pane, double-click OpenSSH SSH Server.
On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok.
To start the service, select Start.
Note
Installing OpenSSH Server creates and enables a firewall rule named OpenSSH-Server-In-TCP. This rule allows inbound SSH traffic on port 22. If this rule isn't enabled and this port isn't open, connections are refused or reset.
Install OpenSSH Server & Client
To install the OpenSSH components on Windows Server devices:
Select Start, type Optional Features in the search box, then select Optional Features (also referred to as Manage optional features).
Scan the list to see if OpenSSH is already installed. If not, at the top of the page, select Add a feature, then:
Search for OpenSSH Client, then select Install
Search for OpenSSH Server, then select Install
Open the Services desktop app. (Select Start, type services.msc in the search box, and then select the Service app or press ENTER.)
In the details pane, double-click OpenSSH SSH Server.
On the General tab, from the Startup type drop-down menu, select Automatic and then select Ok.
To start the service, select Start.
Note
Installing OpenSSH Server creates and enables a firewall rule named OpenSSH-Server-In-TCP. This rule allows inbound SSH traffic on port 22. If this rule isn't enabled and this port isn't open, connections are refused or reset.
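The Settings and Services steps above can also be scripted and then verified. The following is an added example, not part of the original article; it assumes an elevated PowerShell session and looks up the capability names on the running image rather than hard-coding them.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI install steps, followed by a
# check of the service, the firewall rule, and the listener on port 22.

# 1. Find the OpenSSH client and server capabilities offered for this image.
#    Capability names carry a version suffix, so match on the prefix.
$caps = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.*'

foreach ($cap in $caps) {
    if ($cap.State -ne 'Installed') {
        Write-Host "Installing $($cap.Name)"
        Add-WindowsCapability -Online -Name $cap.Name | Out-Null
    }
}

# 2. Same as the Services app steps: set startup type to Automatic, then start.
Set-Service -Name sshd -StartupType Automatic
Start-Service -Name sshd

# 3. Verify the end state described in the note above.
$svc       = Get-Service -Name sshd
$rule      = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
$listeners = Get-NetTCPConnection -State Listen -LocalPort 22 -ErrorAction SilentlyContinue

# RemoteAddress shows which source addresses the rule admits; review it
# against where administrators actually connect from.
$remote = if ($rule) { ($rule | Get-NetFirewallAddressFilter).RemoteAddress } else { $null }

[pscustomobject]@{
    ServiceStatus = $svc.Status
    StartupType   = $svc.StartType
    FirewallRule  = if ($rule) { "Enabled=$($rule.Enabled)" } else { 'missing' }
    RuleProfiles  = if ($rule) { $rule.Profile } else { $null }
    RemoteAddress = $remote -join ', '
    ListeningOn   = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
}
```

A missing or disabled rule, or an empty ListeningOn value, corresponds to the refused or reset connections mentioned in the note.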
Connect to OpenSSH Server
Once installed, you can connect to OpenSSH Server from a Windows or Windows Server device with the OpenSSH client installed. From a PowerShell prompt, run the following command.
ssh domain\username@servername
Once connected, you get a message similar to the following output.
The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?
Entering yes adds that server to the list of known SSH hosts on your Windows client.
At this point, the service prompts you for your password. As a security precaution, the characters of your password aren't displayed as you enter them.
Once connected, you should see the following Windows command shell prompt:
domain\username@SERVERNAME C:\Users\username>
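The first-connection prompt above asks you to trust a fingerprint you haven't verified. The following added example, not part of the original article, reads the fingerprint on the server and compares it on the client before you answer yes; Test-SshHostFingerprint is a hypothetical helper name, and the host key path is the default location for OpenSSH on Windows.

```powershell
# --- On the server, from the console or another already-trusted channel ---
# Default host key directory; adjust if sshd_config sets HostKey elsewhere.
Get-ChildItem "$env:ProgramData\ssh\ssh_host_*_key.pub" | ForEach-Object {
    # Prints "<bits> SHA256:<fingerprint> <comment> (<type>)"
    ssh-keygen.exe -l -E sha256 -f $_.FullName
}

# --- On the client, before answering "yes" to the prompt ---
function Test-SshHostFingerprint {
    param(
        [Parameter(Mandatory)] [string] $Server,
        # The "SHA256:..." value read on the server in the step above.
        [Parameter(Mandatory)] [string] $ExpectedFingerprint,
        [string] $KeyType = 'ecdsa'
    )
    $tmp = New-TemporaryFile
    try {
        # ssh-keyscan only fetches the key the server presents over the
        # network; it does not authenticate it. The comparison below does.
        ssh-keyscan.exe -t $KeyType $Server 2>$null |
            Set-Content -Path $tmp.FullName -Encoding ascii

        # Second whitespace-separated field of ssh-keygen -l is the fingerprint.
        $presented = ssh-keygen.exe -l -E sha256 -f $tmp.FullName 2>$null |
            ForEach-Object { ($_ -split '\s+')[1] }

        # False when the key differs or no key was returned at all.
        return ($presented -contains $ExpectedFingerprint)
    }
    finally {
        Remove-Item $tmp.FullName -Force
    }
}

# Usage (placeholder value, replace with the fingerprint read on the server):
# Test-SshHostFingerprint -Server servername -ExpectedFingerprint 'SHA256:<fingerprint>'
```

If the function returns False, don't accept the prompt; check that you're reaching the intended server before connecting.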
Disable OpenSSH Server
You can disable the sshd service in Server Manager.
To disable SSHD using Server Manager:
In Server Manager, on the navigation pane to the left, select Local Server.
In the Properties window, locate Remote SSH Access.
Select Disabled to disable the OpenSSH service.
Note
If you need to allow or restrict specific users or groups from using OpenSSH for remote access, add them to the OpenSSH Users user group.
Uninstall OpenSSH Server & Client
To uninstall OpenSSH using Windows Settings:
Select Start, type Optional Features in the search box, then select Optional feature.
Scan the list to see if OpenSSH is installed:
Search for and select OpenSSH Client, then select Remove
Search for and select OpenSSH Server, then select Remove
Uninstall OpenSSH Server & Client
To uninstall OpenSSH using Windows Settings:
Select Start, type Optional Features in the search box, then select Optional features (also referred to as Manage optional features or See optional feature history).
In the list, select OpenSSH Client or OpenSSH Server.
Select Uninstall.
If the service was in use when you uninstalled it, you should restart Windows.
Next steps
Now that you're done installing OpenSSH Server for Windows, here are some articles that can help you learn how to use it:
Learn more about using key pairs for authentication in OpenSSH key management
Learn more about the OpenSSH Server configuration for Windows