Windows OpenSSH


SSH is a network tool used for remote, command-line login to systems that have the server enabled. It has sibling applications named SFTP and SCP that can be used to copy files.

Windows 10 systems with build 1803 or newer and Windows Server 2019 come with an implementation of OpenSSH that's enabled by default. Some older versions may have this as an optional component that needs to be installed before it can be used.

This web page assumes the user is an experienced user of SSH on other types of systems, and already knows the basics about key pairs, "known_hosts" files, and so on. It also does not discuss "helper" topics such as "ssh-agent".

Checking for Installation

The easiest way to determine if OpenSSH is installed is to open a command window (go to the Start Menu, look under "Windows System", and pick "Command Prompt"). Type "ssh" and you should see something like this:

 usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
            [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
            [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
            [-i identity_file] [-J [user@]host[:port]] [-L address]
            [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
            [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
            [-w local_tun[:remote_tun]] destination [command]

If it returns:

 'ssh' is not recognized as an internal or external command,
 operable program or batch file.

Then it may need to be installed (see if the folder "C:\Windows\System32\OpenSSH" exists and has files such as "ssh.exe" in it). If it is installed, then that directory needs to be added to the search path (type "echo %PATH%" in the command prompt window to see if it's in there). If not, changing the system path requires administrative privileges so contact SENS for assistance.


  • Click on the "Settings" gear in the left pane of the Start Menu.
  • Click on "Apps".
  • Click on "Optional features".
  • Look in the list. If you do not see "OpenSSH Client", click "Add a feature".
  • Select "OpenSSH Client" and click "Install".


Once it's installed, using it is as simple as typing something such as:

 > ssh

To copy files using Secure FTP:

 > sftp *.doc

To copy files using Secure Copy, preserving original timestamps:

 > scp -p *.doc

If you are a Unix/Linux user, remember that wildcards characters such as " * " behave differently in the Windows command shell (in Linux, filename expansion is handled by the shell, whereas in Windows the applications are responsible for it).

Public and Private Keys

Windows stores your public and private keys, along with the "known_hosts" file, in a folder named "C:\Users\username\.ssh", similar to the "~/.ssh" directory on Unix systems. In fact, the files have the same name and format, so if you already have those files on a Unix/Linux system you can just copy them to the corresponding Windows folder.

If you need to create these keys, open a Windows Command Prompt window, navigate to "C:\Users\username\.ssh", and type these commands:

 ssh-keygen -b 2048 -t rsa
 ssh-keygen -b 1024 -t dsa

Hit return whenever prompted to accept the defaults.

As with the Linux versions, the private keys need special permissions set so that only the user can read them. To do this:

  • Navigate to the "C:\Users\username\.ssh" folder.
  • For both of the files "id_dsa" and "id_rsa", right click on them and choose "Properties".
  • Click on the "Security" tab and click "Advanced".
  • Set full control for yourself by highlighting that line, clicking "Edit", clicking "Full control", and clicking "OK".
  • Remove any other entries by highlighting them and clicking "Remove".
  • Click "OK" to close the open windows and save your changes.

Do not do this for the " *.pub " files or other files in that folder.