The built-in SSH client appeared in Windows 10 and Windows Server 2019.
Ssh.exe can be used to securely connect to Linux/UNIX servers, VMWare ESXi hosts and other devices instead of Putty, MTPuTTY and other third-party SSH clients. The native Windows SSH client is based on the OpenSSH port and is preinstalled in Windows starting from Windows 10 build 1809.
Check that the SSH client is installed:
Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Client*'
In our example, the OpenSSH client is installed (State: Installed).
If not (State: Not Present), you can install it using:
Add-WindowsCapability -Online -Name OpenSSH.Client*
dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
OpenSSH binary files are located in
ssh.exe– the SSH client executable;
scp.exe– tool for copying files in an SSH session;
ssh-keygen.exe– tool to generate RSA SSH authentication keys;
ssh-agent.exe– used to manage RSA keys;
ssh-add.exe– adds a key to the SSH agent database.
To start the SSH client, run the PowerShell or cmd.exe prompt. You can list the available options and syntax for ssh.exe:
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command]
In order to connect to a remote server using SSH, use the following command:
If your SSH server is running on a port different from the standard TCP/22, specify the port number:
ssh username@host -p port
For example, to connect to a Linux host with the IP address 192.168.1.102 as root, run this command:
At the first connection, you will see a request to add the host key to the trusted list. Type
yes and press ENTER. Then the host key fingerprint is added to the C:\Users\username\.ssh\known_hosts file.
You will be prompted for a password. Specify your root password, and your remote Linux server’s console should open (in my example, CentOS is installed on the remote server).
If you use the SSH authentication with RSA keys (see an example on how to configure SSH authentication using keys in Windows), you can specify a path to the private key file in your SSH client as follows:
ssh email@example.com -i "C:\Users\username\.ssh\id_rsa"
You can also add a private key to SSH-Agent. First, enable the ssh-agent service and configure automatic startup for it.
set-service ssh-agent StartupType 'Automatic'
Add your private key to the ssh-agent database:
Then you will be able to connect to your server over SSH without specifying the path to the RSA key. It will be used automatically. Now you can securely connect to your server without a password (if you have not protected your RSA key with a different password):
Here are some more useful SSH arguments:
-C– used to compress traffic between client and server (it is useful in case of slow or unstable connections)
-v– displays detailed information about all SSH client actions
-R/-L– can be used to forward ports using an SSH tunnel
Using the scp.exe tool (is a part of Windows 10 SSH client package), you can copy a file from your computer to the SSH server:
You can copy all directory contents recursively:
scp -r E:\ISO\ firstname.lastname@example.org:/home
And vice versa, you can transfer a file from a remote server to your computer:
scp.exe email@example.com:/home/CentOS-8.1.x86_64.iso c:\iso
Thus, you can connect to SSH servers directly from your Windows 10, copy files using scp without any other third-party apps or tools.