How to SSH into Windows 10 or 11?

The latest builds of Windows 10 and Windows 11 include a built-in server and client that are based on OpenSSH. This means now you can remotely connect to Windows 10/11 or Windows Server 2019 using any SSH client, similar to Linux distros. In this article, we’ll show you how to configure OpenSSH on Windows 10 and Windows 11, and connect to it using Putty or any other SSH client.

OpenSSH is an open-source, cross-platform version of Secure Shell (SSH) that is used by Linux users for a long time. This project is currently ported to Windows and can be used as an SSH server on almost any version of Windows. OpenSSH is built-in into the operating system image in the latest versions of Windows Server 2022/2019 and Windows 11.

How to Enable SSH Server on Windows 10?

Make sure your build of Windows 10 is 1809 or newer. The easiest way to do this is by running the command:

winver

ssh into windows

ADVERTISEMENT

Note. If you have an older Windows 10 build installed, you can update it through Windows Update or using an ISO image with a newer Windows 10 build (you can create an image using the Media Creation Tool). If you don’t want to update your Windows 10 build, you can manually install the Win32-OpenSSH port for Windows from GitHub.

You can enable the OpenSSH server in Windows 10 through the graphical Settings panel:

  1. Go to Settings > Apps > Apps and features > Optional features (or run the command ms-settings:appsfeatures);
    ssh to windows
  2. Click Add a feature, select OpenSSH Server (OpenSSH-based secure shell (SSH) server, for secure key management and access from remote machines), and click Install.
    ssh into windows machine

You can also install the sshd server using PowerShell:

Add-WindowsCapability -Online -Name OpenSSH.Server*

ssh to windows server

Or using DISM:

dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0

If you want to make sure the OpenSSH server is installed, run the following PS command:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Server*'

Name : OpenSSH.Server~~~~0.0.1.0

State : Installed

ssh into windows 10

Use the following PowerShell command to uninstall the SSH server:

Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

How to Install SSH Server on Windows 11?

Also, you can add the OpenSSH Server on Windows 11.

  1. Go to Settings > Apps > Optional features;
  2. Click View Features;
    ssh to windows 10
  3. Select OpenSSH Server from the list and click Next > Install;
    how to ssh into windows 10
  4. Wait for the installation to complete.
    windows 11 ssh server

The OpenSSH binaries are located in the C:\Windows\System32\OpenSSH\ folder.

ssh to windows machine

Configuring SSH Service on Windows 10 and 11

Check the status of ssh-agent and sshd services using the PowerShell command Get-Service:

ADVERTISEMENT
Get-Service -Name *ssh*

how to ssh into windows

As you can see, both services are in a Stopped state and not added to the automatic startup list. To start services and configure autostart for them, run the following commands:

Start-Service sshd

Set-Service -Name sshd -StartupType 'Automatic'

Start-Service ‘ssh-agent’

Set-Service -Name ‘ssh-agent’ -StartupType 'Automatic'

connect to windows via ssh

You also need to allow incoming connections to TCP port 22 in the Windows Defender Firewall. You can open the port using netsh:

netsh advfirewall firewall add rule name=”SSHD service” dir=in action=allow protocol=TCP localport=22

Or you can add a firewall rule to allow SSH traffic using PowerShell:

New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

You can configure various OpenSSH server settings in Windows using the %programdata%\ssh\sshd_config configuration file.

enable ssh windows 11

ADVERTISEMENT

For example, you can disable password authentication and leave only key-based auth with:

PubkeyAuthentication yes

PasswordAuthentication no

Here you can also specify a new TCP port (instead of the default TCP 22 port) on which the SSHD will accept connections. For example:

Port 2222

Using the directives AllowGroups, AllowUsers, DenyGroups, DenyUsers, you can specify users and groups who are allowed or denied to connect to Windows via SSH:

  • DenyUsers theitbros\jbrown@192.168.1.15 — denies connections to username jbrown from 192.168.1.15 host;
  • DenyUsers theitbros\* — prevent all users from theitbros domain to connect host using ssh;
  • AllowGroups theitbros\ssh_allow — only allow users from theitbros\ssh_allow to connect host.

The allow and deny rules of sshd are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and AllowGroups.

For example, to allow to connect to SSH under mylocaluser1 account from 192.168.31.100 host, add the following directive:

AllowUsers mylocaluser1@192.168.31.100

After making changes to the sshd_config file, you need to restart the sshd service:

Get-Service sshd| Restart-Service –force

how to ssh to windows

Connect to Windows via SSH

Now you can connect to Windows 10 using any SSH client. To connect from Linux, use the command:

ADVERTISEMENT
ssh -p 22 admin@192.168.1.90

Here, the admin is a local Windows user under which you want to connect. This account must be a member of the built-in Administrators group. 192.168.1.90 is an IP address of your Windows 10 computer.

windows allow ssh connections

After that, a Windows command prompt window will open in the SSH session.

You can use the Putty client to connect to a Windows computer via SSH:

  1. Download and run putty.exe;
  2. Enter the hostname or IP address of the remote Windows host you want to connect over SSH;
  3. Select the Connection type: SSH and make sure port 22 is specified; ssh into windows server
  4. Click Open;
  5. The first time you connect to a Windows host via SSH, a Security Alert will appear asking you to confirm that you want to add the ssh-ed25519 key fingerprint of the remote machine to your local cache. If you trust this host, click the Accept button. This will add that server to the list of known SSH hosts;
    ssh to windows pc
    Note. OpenSSH server fingerprint stored in a file C:\ProgramData\ssh\ssh_host_ecdsa_key.pub. You can determine the current ECDSA key fingerprint on a Windows 10 host with the command:

    ssh-keygen -lf C:\ProgramData\ssh\ssh_host_ed25519_key.pub

    windows 11 enable ssh

  6. A Putty window will appear. Here you need to specify the Windows username and password that you want to use to connect to SSH;
    ssh into windows pc
  7. Once logged in, the command line of the remote Windows host will open;
  8. You can now interactively run commands on the remote host.
    can you ssh into windows

You can also use the built-in Windows SSH client to connect to another Windows host. Install the ssh.exe client on Windows using the command:

Add-WindowsCapability -Online -Name OpenSSH.Client*

Now you can connect to a remote SSH host directly from the Windows command prompt. Use the following command:

ssh root@192.168.13.202

The first time you connect, you will also need to add the fingerprint of the SSH server’s ECDSA key to the list of known hosts. To do this, type “yes” > “enter”.

ssh into a windows machine

Enter the user’s password. The command line C:\Windows\system32\conhost.exe should appear: windows 11 enable ssh server

You can now use the OpenSSH.Client tools (scp.exe, sftp.exe) to copy a file between hosts using the SSH protocol. The following command will copy the local test1.log file to a remote Windows SSH host:

scp.exe D:\PS\test1.log root@192.168.13.202:c:\temp

ssh to a windows machine

If you prefer to use Windows Terminal, you can add the required SSH host profiles to it for quick connection:

  1. Run Windows Terminal and go to its Settings;
  2. Click the Add a new profile button in the Profiles section; ssh into windows computer
  3. Specify that you want to create a duplicate of Windows PowerShell profile; install ssh windows 11
  4. Specify a profile name (“SSH Windows 10 DEVPC” in this example);
  5. In the Command line parameter, specify the connection string to your SSH host. For example: %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe ssh root@192.168.13.202 windows 11 ssh
  6. Save the profile;
  7. Now in the Windows Terminal menu you will have a separate option for a quick SSH connection to a Windows host. ssh on windows 11

Hint. In some scenarios, you will need to run the PowerShell.exe cli instead of the cmd.exe shell when logging in via SSH on Windows 10. You can do this by running the following command in Windows 10 (under the admin account):

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -PropertyType String -Force

Now, you change the default OpenSSH shell. From here, when connecting to Windows via SSH, you will immediately see PowerShell prompt instead of cmd.exe.

ssh into windows 11

If you want to use key-based ssh authentication instead of password authentication, you need to generate a key using ssh-keygen on your client. In such a case, the contents of the id_rsa.pub file must be copied to the c:\users\admin\.ssh\authorized_keys file in Windows 10.

After that, you can connect from your Linux client to Windows 10 without a password. Use the command:

ssh -l admin@192.168.1.90

In previous versions of OpenSSH on Windows, all of the sshd service logs were written to the text file C:\ProgramData\ssh\logs\sshd.log by default.

On Windows 11, SSH logs can be viewed using the Event Viewer console (eventvwr.msc). All SSH events are available in a separate section Application and Services Logs > OpenSSH > Operational.

For example, the screenshot shows an example of an event with a successful connection to the computer via SSH. You can see the ssh client’s IP address (hostname) and the username used to connect.

Sshd: Accepted password for jbrown from 192.168.14.14. port 49833 ssh2

how to ssh into a windows machine

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

One comment

  1. Thank you! Saved a life with this line…
    “You can configure various OpenSSH server settings in Windows using the %programdata%\ssh\sshd_config configuration file.”
    Somebody had set the servers up so that I always had to add my password

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.