How to use Windows’s native SSH client

For decades, Microsoft ignored the topic of SSH administration. There is now a mature SSH client for Windows that makes the previous classic Putty superfluous. There is also a complete SSH server component.

Windows has been offering porting of the SSH client and server components since the end of 2017. The client was satisfactory at an early stage, the server component initially unsatisfactory. However, these beta deficits are history: At the end of 2021, Open SSH under Windows can be considered complete and fully developed. Technically, there are several command line tools that are set up under ” Windows System32 OpenSSH”, where ssh.exe is the main client component and sshd.exe is the main server component.

No installation is required

The days when the SSH client had to be retrofitted as an optional function (under “Control Panel -› Programs and Features – ›Activate Windows Features”) are over. Every Windows 10 updated by updates should bring the full set of Open SSH equipment under ” Windows System32 OpenSSH ” today.

For reasons not known to us, however, the entry in the path variable is sometimes missing, after which a call to “ssh” or “ssh.exe” (ie without a complete path specification) leads to nothing. The best thing to do is to expand the “Path” in the control panel by searching for “Variable” and then starting the link “Edit system environment variable”. The further path leads to “Environment Variables -› System Variables – ›Path”. Here you also enter “% SYSTEMROOT% System32 OpenSSH “.

The client component

The client (ssh.exe) is sufficient to access the SSH server. This SSH client runs in every console – in the Cmd.exe command prompt, in the Powershell or in alternative command shells. The syntax is identical to that in Linux down to the last detail and does not require any getting used to. The two following examples show the specification of a different port (standard is “22” and does not require any specification) as well as the direct execution of a specific command on a server:

ssh -p 2222 root@ 
ssh root@ "ls -lA --group-directories-first /" 

The native SSH client can claim to be the smallest and most resource-efficient of all SSH solutions under Windows.

The server component

After previous restrictions in 2018 and 2019, the setup of the server component now also works very smoothly and surprises with an unrestricted range of functions. The temporary start of the SSH server can be done on the Windows system via Powershell

or in the cmd:

In any case, the console used must be started with administrator rights. As an alternative to the command line, there is of course the graphical service console Services.msc, which displays the sshd component as an “OpenSSH SSH server”. Here, the temporary start of the service only requires a click on “Start”; To set it up as a permanent, automatically starting service, the option “Automatic” and click on “Apply” is sufficient under “Start type”.

Afterwards, the Windows computer can be reached just as you would expect from a Linux SSH server: It is by no means just shell access with which you (example)

go for a walk on the Windows system (although you have to use the commands of the CMD shell, ie “dir” instead of “ls”, “type” instead of “cat” and so on). In addition, the complete file system for data exchange is available via SFTP (SSH data protocol). A Linux file manager is so with the address input

Offer the file system of the Windows computer. This not only allows data to be copied, but also the use of media.

If, on the other hand, a Windows system is the access client to the Windows SSH server, then at least unrestricted data exchange is possible with the tried and tested Filezilla tool. Filezilla masters SFTP and reaches the Windows SSH server with its IP and authentication data (“connection type: normal”). However, the Windows file manager Explorer remains outside. This is a desideratum that would then also open up media use or file processing via SFTP. We cannot recommend the external tool Swish, because although it appears to integrate SFTP access into Windows Explorer, it does not do more than Filezilla – that is, simple data transfer.

Hello Windows! The Linux file manager uses (after logging in) the entire Windows file system if the SSH server was started there.


Hello Windows! The Linux file manager uses (after logging in) the entire Windows file system if the SSH server was started there.

Automatic registration with key

The more convenient and at the same time more secure logon without entering a password is also possible with the Windows SSH client. There is a little more manual work involved than with Linux clients. First of all, a service must be activated on the Windows system – the ssh-agent. The easiest way to do this is via the Services.msc service console, where the service appears as the “OpenSSH Authentication Agent”. Start it with “Start” manually for the current session or permanently (“Start type -› Automatic ”). Then create for the current user account with

a new key (actually two – one private and one public, which are created as files “id.rsa” and “” in the user account under “% userprofile% . ssh”). With

inform the previously started sshagent about this. Finally, the SSH server must be informed of this key identity. To do this, in the simplest case, copy the public key (ending “pub”)

scp root@

on the server under the account (here “root”) where you usually log in. If there are several clients (regardless of whether they are Linux or Windows) that log on here via SSH, this method is not suitable because the target file “authorized_keys” will be overwritten again. In this case, open the “authorized_keys” file on the server in an editor and copy the content of the client file “” as a further line. In future, it will be possible to log in without asking for the system password.

SSH alternatives

For ad-hoc access on the command line, for remote control for Linux and Windows computers, the described SSH client / server from Microsoft is an absolute recommendation. Many users will continue to use the previous alternatives Putty / Kitty / Smartty because they have been used to it for years or because the graphical selection of the server offers a certain level of convenience.

There is, however, another SSH access in Windows, which must at least be mentioned in this context because it opens up additional options: We are talking about the “Windows Subsystem for Linux” (WSL), which the Linux world has already described several times. WSL is an optional component that must first be activated under Windows (“Control Panel -› Programs and Features – ›Activate Windows Features -› Windows Subsystem for Linux “). After this preparation, search for “WSL” in the “Microsoft Store” and find Ubuntu, Open Suse, Kali, Debian, Cent-OS and others there.

Installed WSL distributions can be found and started later like any other program in the Windows start menu. It goes without saying that each of these Linux subsystems has an SSH client, but the decisive advantage lies elsewhere: The WSL can install tools such as Rsync or Midnight Commander, which practically ensure a tie with Linux systems.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button