Using SSH on Windows

Updated , by Linode

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.

Using SSH on Windows

It is common for software developers to work on multiple projects that require them to access different systems. Using SSH on Windows allows developers to connect to multiple machines remotely right from their terminal.

In this tutorial, you will learn how to use SSH on Windows 10 and older versions.

Installing OpenSSH On Windows 10

As of late 2018, OpenSSH is included with some versions of Windows. If this has been pre-installed, you can skip to the section on Using SSH on Windows 10. If unavailable, you can install OpenSSH using the following steps:

  1. Enter the Settings menu. This can be found by typing “Settings” in the Windows search bar, and clicking on the settings application.

  2. Next, select Apps. Click on Optional Features or Manage optional features from the menu that appears.

    Manage optional features in Windows Settings

  3. Click on Add a feature. A dropdown menu will appear. Select the OpenSSH client, followed by the Install button.

    The Optional Features menu, where you can add the OpenSSH client.

Using SSH on Windows 10 is similar to using it on other operating systems like Linux or Mac OSX, and can be accessed in the command prompt.

Using SSH on Windows 10 To Connect To A Server

All SSH commands are entered in the windows command prompt. The command prompt application can be opened by searching for the term “command prompt” in the windows search bar.

To connect with an SSH server, use the following syntax

ssh <username>@<domainoripaddress>

If you want to connect with an SSH server at the domain “” with a username of “linode” for example, enter the following command:

ssh [email protected]

When this command is entered, the SSH client will try to connect to on the standard TCP port 22 by default. If your SSH server is hosted on a different port, this port will need to be specified as part of the SSH command. You can modify the previous command and define the TCP port you need to connect to with the following syntax:

ssh <username>@<domain_or_ip_address> -p <port number>

If the TCP port you want to connect with is “2222” for example, you can modify the previous command to:

ssh [email protected] -p 2222

When you connect with a server for the first time, the SSH client will prompt you to check and verify the host’s key fingerprint. When you execute the ssh command, you will see the following output:

  PS C:\Users\linode> ssh [email protected] -p 2222

The authenticity of host ‘ (’ can't be established.

ECDSA key fingerprint is    SHA256:T2RssD0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.

Accept the prompt, and the ssh connection will be approved and established.

Using SSH On Windows 10 With Secure Shell App On Chrome

Secure shell is a Chrome application that allows you to execute ssh commands on the Chrome browser. This HTML based SSH client runs on Javascript. To use it, go to the Secure Shell Extension page on the Google chrome store and click Add to Chrome to install. Review and accept the required permission at the prompt, and select Add App to confirm the installation.

An example of the Secure Shell extension running the browser.

Once installed, you are automatically taken to your homepage on Google Chrome. If for some reason Google Chrome fails to redirect you, enter chrome://apps/ as the url into the chrome browser.

You should see Secure Shell App:

The Secure Shell App in the app listing in Chrome.

Click on Secure Shell App and to launch a new terminal directly in your Chrome browser:

The Secure Shell App running in the browser.

To use Secure Shell App without having to use the chrome://apps/ URL, you can simply start typing ssh in your chrome tab’s URL section for that APP to dynamically begin entering your command. You can then write your user and hostname to connect.

Running the Secure Shell App from the URL section of Chrome.

Once you enter your user and hostname, along with any desired port, you will see output similar to the following in your chrome terminal:

  Welcome to Secure Shell App version 0.37.

  Answers to frequently asked questions: (Ctrl+Click on links to open)

  [Pro Tip] Use 'Open as window' or 'Fullscreen' to prevent Ctrl+W from closing your terminal!

  [Pro Tip] See for more information.

  ChangeLog/release notes: /html/changelog.html

  Major changes since 0.34:

   ¤ Enable connection resume for Google corp-relay-v4 users.

   ¤ OpenSSH upgraded to 8.4p1.

  Random pro tip #3: Connect from the omnibox by typing 'ssh &lt;profile name>':

  Notice: Please migrate to the new Secure Shell extension (link).

  Chrome Apps are deprecated, so this version will stop receiving updates.

  Please see the migration guide (link) for more details.

  Loading NaCl plug-in… done.

  Connecting to [email protected]…

  ssh: connect to host hostname port 22

  The authenticity of host ‘ (’ can't be established.

  ECDSA key fingerprint is    SHA256:T2RssD0dEslggzS/BROmiE/s70WqcYy6bk52fs+MLTIptM.

  Are you sure you want to continue connecting (yes/no)? yes

  Warning: Permanently added 'pc' (ECDSA) to the list of known hosts.

Enter yes to accept the host fingerprint that appears. Next, enter your password to establish a connection. Once a connection is established output similar to the following will appear in the Secure Shell App Terminal:

  Warning: Permanently added ‘ (’ (ECDSA) to the list of known hosts.

[email protected]’s password:

Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

 * Documentation:

 * Management:

 * Support:

45 packages can be updated.

0 updates are security updates.

New releases ‘20.01 LTS’ available.

Run ‘do-release-upgrade’ to upgrade it.


Cygwin is a utility for running popular Linux and BSD tools on Windows. It’s often used as an SSH client and/or server solution on Windows systems.

  1. Download and install Cygwin.

  2. Search for the OpenSSH package and install it.

    Cygwin install OpenSSH

  3. You should then have SSH capability.

    Cygwin OpenSSH Options


PuTTY is a free and open source SSH client for Windows and UNIX systems. It provides easy connectivity to any server running an SSH daemon, so you can work as if you were logged into a console session on the remote system.

  1. Download and run the PuTTY installer from here.

  2. When you open PuTTY, you’ll be shown the configuration menu. Enter the hostname or IP address of your Linode. PuTTY’s default TCP port is 22, the IANA assigned port for for SSH traffic. Change it if your server is listening on a different port. Name the session in the Saved Sessions text bar if you choose, and click Save:

    Saving your connection information.

  3. Click Open to start an SSH session. If you have never previously logged into this system with PuTTY, you will see a message alerting you that the server’s SSH key fingerprint is new, and asking if you want to proceed.

    Do not click anything yet! Verify the fingerprint first.

    PuTTY verify SSH fingerprint

  4. Use Lish to log in to your Linode. Use the command below to query OpenSSH for your Linode’s SSH fingerprint:

    ssh-keygen -E md5 -lf /etc/ssh/

    The output will look similar to:

      256 MD5:58:72:65:6d:3a:39:44:26:25:59:0e:bc:eb:b4:aa:f7  [email protected] (ED25519)
    For the fingerprint of an RSA key instead of elliptical curve, use: ssh-keygen -lf /etc/ssh/
  5. Compare the output from Step 4 above to what PuTTY is showing in the alert message in Step 3. The two fingerprints should match.

  6. If the fingerprints match, then click Yes on the PuTTY message to connect to your Linode and cache the host fingerprint.

    If the fingerprints do not match, do not connect to the server! You won’t receive further warnings unless the key presented to PuTTY changes for some reason. Typically, this should only happen if you reinstall the remote server’s operating system. If you receive this warning again from a system you already have the host key cached on, you should not trust the connection and investigate matters further.

SSH Tunneling/Port Forwarding

SSH tunnels allow you to access network services running on a remote server though a secure channel. This is useful in cases where the service you wish to access doesn’t run over SSL, or you do not wish to allow public access to it. As an example, you can use tunneling to securely access a MySQL server running on a remote server.

To do so:

  1. In PuTTY’s configuration window, go to the Connection category.

  2. Go to SSH, then Tunnels.

  3. Enter 3306 in the Source port field.

  4. Enter in the Destination field.

  5. Click Add, then click Open to log in:

    Tunneling a remote MySQL connection with PuTTY.

Once you’ve connected to the remote server with this tunnel configuration, you’ll be able to direct your local MySQL client to localhost:3306. Your connection to the remote MySQL server will be encrypted through SSH, allowing you to access your databases without running MySQL on a public IP.

Remote Graphical Applications over SSH

PuTTY can securely run graphical applications hosted on a remote Linux server. You can run virtually any X11 application in this manner, and the connection will be encrypted through SSH, providing a safe means of interacting with remote graphical systems.

  1. You wll need an X11 server for Windows. Download and install Xming, a free X server for Windows. Accept the defaults presented by the installer and you’ll be running an X11 server when the install process completes.

    You will need the xauth package installed on your Linode for X11 forwarding to work correctly. It is installed by default on Debian and RedHat based systems, but may not be for other Linux distributions.
  2. Tell PuTTY to forward X11 connections to your desktop:

    1. In PuTTY’s configuration window, make sure the remote server’s hostname or IP, and the correct port, are entered on the Session category.
    2. In the Connection category, go to SSH, then X11.
    3. Check the box for Enable X11 forwarding.
    4. Enter localhost:0 in the X display location field.
    5. Click Open to log in.

    Configure X11 forwarding in PuTTY.

  3. Once you’re logged into the remote server, you may start any graphical application hosted there. The application will be projected onto your local desktop. Here’s the xcalc application running on a Windows desktop from a remote server:

    xcalc running in PuTTY.

This page was originally published on

Try this guide to receive $100 at signup on a new account.

Your Feedback Is Important

Let us know if this guide made it easy to get the answer you needed.