Using SSH on Windows
Updated , by Linode
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
It is common for software developers to work on multiple projects that require them to access different systems. Using SSH on Windows allows developers to connect to multiple machines remotely right from their terminal.
In this tutorial, you will learn how to use SSH on Windows 10 and older versions.
Installing OpenSSH On Windows 10
As of late 2018, OpenSSH is included with some versions of Windows. If this has been pre-installed, you can skip to the section on Using SSH on Windows 10. If unavailable, you can install OpenSSH using the following steps:
Enter the Settings menu. This can be found by typing “Settings” in the Windows search bar, and clicking on the settings application.
Next, select Apps. Click on Optional Features or Manage optional features from the menu that appears.
Click on Add a feature. A dropdown menu will appear. Select the OpenSSH client, followed by the Install button.
Using SSH on Windows 10 is similar to using it on other operating systems like Linux or Mac OSX, and can be accessed in the command prompt.
Using SSH on Windows 10 To Connect To A Server
All SSH commands are entered in the windows command prompt. The command prompt application can be opened by searching for the term “command prompt” in the windows search bar.
To connect with an SSH server, use the following syntax
If you want to connect with an SSH server at the domain “ssh.linode.com” with a username of “linode” for example, enter the following command:
When this command is entered, the SSH client will try to connect to ssh.linode.com on the standard TCP port 22 by default. If your SSH server is hosted on a different port, this port will need to be specified as part of the SSH command. You can modify the previous command and define the TCP port you need to connect to with the following syntax:
ssh <username>@<domain_or_ip_address> -p <port number>
If the TCP port you want to connect with is “2222” for example, you can modify the previous command to:
ssh [email protected] -p 2222
When you connect with a server for the first time, the SSH client will prompt you to check and verify the host’s key fingerprint. When you execute the ssh command, you will see the following output:
PS C:\Users\linode> ssh [email protected] -p 2222 The authenticity of host ‘linode.com (220.127.116.11)’ can't be established. ECDSA key fingerprint is SHA256:T2RssD0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.
Accept the prompt, and the ssh connection will be approved and established.
Using SSH On Windows 10 With Secure Shell App On Chrome
Once installed, you are automatically taken to your homepage on Google Chrome. If for some reason Google Chrome fails to redirect you, enter
chrome://apps/ as the url into the chrome browser.
You should see Secure Shell App:
Click on Secure Shell App and to launch a new terminal directly in your Chrome browser:
To use Secure Shell App without having to use the
chrome://apps/ URL, you can simply start typing ssh in your chrome tab’s URL section for that APP to dynamically begin entering your command. You can then write your user and hostname to connect.
Once you enter your user and hostname, along with any desired port, you will see output similar to the following in your chrome terminal:
Welcome to Secure Shell App version 0.37. Answers to frequently asked questions: https://goo.gl/muppJj (Ctrl+Click on links to open) [Pro Tip] Use 'Open as window' or 'Fullscreen' to prevent Ctrl+W from closing your terminal! [Pro Tip] See https://goo.gl/muppJj for more information. ChangeLog/release notes: /html/changelog.html Major changes since 0.34: ¤ Enable connection resume for Google corp-relay-v4 users. ¤ OpenSSH upgraded to 8.4p1. Random pro tip #3: Connect from the omnibox by typing 'ssh <profile name>': https://goo.gl/V7o8ki Notice: Please migrate to the new Secure Shell extension (link). Chrome Apps are deprecated, so this version will stop receiving updates. Please see the migration guide (link) for more details. Loading NaCl plug-in… done. Connecting to [email protected]… ssh: connect to host hostname port 22 The authenticity of host ‘linode.com (18.104.22.168)’ can't be established. ECDSA key fingerprint is SHA256:T2RssD0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.
yes to accept the host fingerprint that appears. Next, enter your password to establish a connection. Once a connection is established output similar to the following will appear in the Secure Shell App Terminal:
Warning: Permanently added ‘linode.com (22.214.171.124)’ (ECDSA) to the list of known hosts. [email protected]’s password: Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage 45 packages can be updated. 0 updates are security updates. New releases ‘20.01 LTS’ available. Run ‘do-release-upgrade’ to upgrade it.
Cygwin is a utility for running popular Linux and BSD tools on Windows. It’s often used as an SSH client and/or server solution on Windows systems.
Download and install Cygwin.
Search for the OpenSSH package and install it.
You should then have SSH capability.
PuTTY is a free and open source SSH client for Windows and UNIX systems. It provides easy connectivity to any server running an SSH daemon, so you can work as if you were logged into a console session on the remote system.
Download and run the PuTTY installer from here.
When you open PuTTY, you’ll be shown the configuration menu. Enter the hostname or IP address of your Linode. PuTTY’s default TCP port is
22, the IANA assigned port for for SSH traffic. Change it if your server is listening on a different port. Name the session in the Saved Sessions text bar if you choose, and click Save:
Click Open to start an SSH session. If you have never previously logged into this system with PuTTY, you will see a message alerting you that the server’s SSH key fingerprint is new, and asking if you want to proceed.
Do not click anything yet! Verify the fingerprint first.
Use Lish to log in to your Linode. Use the command below to query OpenSSH for your Linode’s SSH fingerprint:
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub
The output will look similar to:
256 MD5:58:72:65:6d:3a:39:44:26:25:59:0e:bc:eb:b4:aa:f7 [email protected] (ED25519)
NoteFor the fingerprint of an RSA key instead of elliptical curve, use:
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub.
Compare the output from Step 4 above to what PuTTY is showing in the alert message in Step 3. The two fingerprints should match.
If the fingerprints match, then click Yes on the PuTTY message to connect to your Linode and cache the host fingerprint.
If the fingerprints do not match, do not connect to the server! You won’t receive further warnings unless the key presented to PuTTY changes for some reason. Typically, this should only happen if you reinstall the remote server’s operating system. If you receive this warning again from a system you already have the host key cached on, you should not trust the connection and investigate matters further.
SSH Tunneling/Port Forwarding
SSH tunnels allow you to access network services running on a remote server though a secure channel. This is useful in cases where the service you wish to access doesn’t run over SSL, or you do not wish to allow public access to it. As an example, you can use tunneling to securely access a MySQL server running on a remote server.
To do so:
In PuTTY’s configuration window, go to the Connection category.
Go to SSH, then Tunnels.
3306in the Source port field.
127.0.0.1:3306in the Destination field.
Click Add, then click Open to log in:
Once you’ve connected to the remote server with this tunnel configuration, you’ll be able to direct your local MySQL client to
localhost:3306. Your connection to the remote MySQL server will be encrypted through SSH, allowing you to access your databases without running MySQL on a public IP.
Remote Graphical Applications over SSH
PuTTY can securely run graphical applications hosted on a remote Linux server. You can run virtually any X11 application in this manner, and the connection will be encrypted through SSH, providing a safe means of interacting with remote graphical systems.
You wll need an X11 server for Windows. Download and install Xming, a free X server for Windows. Accept the defaults presented by the installer and you’ll be running an X11 server when the install process completes.
NoteYou will need the
xauthpackage installed on your Linode for X11 forwarding to work correctly. It is installed by default on Debian and RedHat based systems, but may not be for other Linux distributions.
Tell PuTTY to forward X11 connections to your desktop:
- In PuTTY’s configuration window, make sure the remote server’s hostname or IP, and the correct port, are entered on the Session category.
- In the Connection category, go to SSH, then X11.
- Check the box for Enable X11 forwarding.
localhost:0in the X display location field.
- Click Open to log in.
Once you’re logged into the remote server, you may start any graphical application hosted there. The application will be projected onto your local desktop. Here’s the
xcalcapplication running on a Windows desktop from a remote server:
This page was originally published on