How to Use Native SSH Client in Windows 11, 10, 7?

The built-in SSH client appeared in Windows 10 and Windows Server 2019. Ssh.exe can be used to securely connect to Linux/UNIX servers, VMWare ESXi hosts and other devices instead of Putty, MTPuTTY and other third-party SSH clients. The native Windows SSH client is based on the OpenSSH port and is preinstalled in Windows starting from Windows 10 build 1809.

How to Enable (Install) the OpenSSH Client on Windows 10?

The OpenSSH client is included in Windows 10 Features on Demand (like RSAT). The SSH client is installed by default on Windows Server 2019, Windows 10 1809 and newer builds.

Check that the SSH client is installed:

Get-WindowsCapability -Online | ? Name -like 'OpenSSH.Client*'

In our example, the OpenSSH client is installed (State: Installed).

If not (State: Not Present), you can install it using:

• The PowerShell command: Add-WindowsCapability -Online -Name OpenSSH.Client*
• With DISM: dism /Online /Add-Capability /CapabilityName:OpenSSH.Server~~~~0.0.1.0
• Via Settings -> Apps -> Optional features -> Add a feature. Find OpenSSH client in the list and click Install.

OpenSSH binary files are located in c:\Windows\System32\OpenSSH\.

• ssh.exe – the SSH client executable;
• scp.exe – tool for copying files in an SSH session;
• ssh-keygen.exe – tool to generate RSA SSH authentication keys;
• ssh-agent.exe – used to manage RSA keys;
• ssh-add.exe – adds a key to the SSH agent database.

Using a Native SSH Client on Windows 10

To start the SSH client, run the PowerShell or cmd.exe prompt. You can list the available options and syntax for ssh.exe:

ssh

usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
destination [command]

In order to connect to a remote server using SSH, use the following command:

ssh username@host

If your SSH server is running on a port different from the standard TCP/22, specify the port number:

ssh username@host -p port

For example, to connect to a Linux host with the IP address 192.168.1.102 as root, run this command:

ssh root@192.168.1.102

At the first connection, you will see a request to add the host key to the trusted list. Type yes and press ENTER. Then the host key fingerprint is added to the C:\Users\username\.ssh\known_hosts file.

You will be prompted for a password. Specify your root password, and your remote Linux server’s console should open (in my example, CentOS is installed on the remote server).

If you use the SSH authentication with RSA keys (see an example on how to configure SSH authentication using keys in Windows), you can specify a path to the private key file in your SSH client as follows:

ssh root@192.168.1.102 -i "C:\Users\username\.ssh\id_rsa"

You can also add a private key to SSH-Agent. First, enable the ssh-agent service and configure automatic startup for it.

set-service ssh-agent StartupType 'Automatic'
Start-Service ssh-agent

Add your private key to the ssh-agent database:

ssh-add "C:\Users\username\.ssh\id_rsa"

Then you will be able to connect to your server over SSH without specifying the path to the RSA key. It will be used automatically. Now you can securely connect to your server without a password (if you have not protected your RSA key with a different password):

ssh root@192.168.1.102

Here are some more useful SSH arguments:

• -C – used to compress traffic between client and server (it is useful in case of slow or unstable connections)
• -v – displays detailed information about all SSH client actions
• -R/-L – can be used to forward ports using an SSH tunnel

Using SCP.exe to Transfer Files to/from Windows Host Using SSH

Using the scp.exe tool (is a part of Windows 10 SSH client package), you can copy a file from your computer to the SSH server:

You can copy all directory contents recursively:

scp -r E:\ISO\ root@192.168.1.202:/home

And vice versa, you can transfer a file from a remote server to your computer:

scp.exe root@192.168.1.202:/home/CentOS-8.1.x86_64.iso c:\iso

Thus, you can connect to SSH servers directly from your Windows 10, copy files using scp without any other third-party apps or tools.