Using SSH on Windows
Updated by Linode Written by Linode
As of late 2018, OpenSSH is included with some versions of Windows.
Cygwin is a utility for running popular Linux and BSD tools on Windows. It’s often used as an SSH client and/or server solution on Windows systems.
Download and install Cygwin.
Search for the OpenSSH package and install it.
You should then have SSH capability.
PuTTY is a free and open source SSH client for Windows and UNIX systems. It provides easy connectivity to any server running an SSH daemon, so you can work as if you were logged into a console session on the remote system.
Download and run the PuTTY installer from here.
When you open PuTTY, you’ll be shown the configuration menu. Enter the hostname or IP address of your Linode. PuTTY’s default TCP port is
22, the IANA assigned port for for SSH traffic. Change it if your server is listening on a different port. Name the session in the Saved Sessions text bar if you choose, and click Save:
Click Open to start an SSH session. If you have never previously logged into this system with PuTTY, you will see a message alerting you that the server’s SSH key fingerprint is new, and asking if you want to proceed.
Do not click anything yet! Verify the fingerprint first.
Use Lish to log in to your Linode. Use the command below to query OpenSSH for your Linode’s SSH fingerprint:
ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub
The output will look similar to:
256 MD5:58:72:65:6d:3a:39:44:26:25:59:0e:bc:eb:b4:aa:f7 root@localhost (ED25519)
NoteFor the fingerprint of an RSA key instead of elliptical curve, use:
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub.
Compare the output from Step 4 above to what PuTTY is showing in the alert message in Step 3. The two fingerprints should match.
If the fingerprints match, then click Yes on the PuTTY message to connect to your Linode and cache the host fingerprint.
If the fingerprints do not match, do not connect to the server! You won’t receive further warnings unless the key presented to PuTTY changes for some reason. Typically, this should only happen if you reinstall the remote server’s operating system. If you receive this warning again from a system you already have the host key cached on, you should not trust the connection and investigate matters further.
SSH Tunneling/Port Forwarding
SSH tunnels allow you to access network services running on a remote server though a secure channel. This is useful in cases where the service you wish to access doesn’t run over SSL, or you do not wish to allow public access to it. As an example, you can use tunneling to securely access a MySQL server running on a remote server.
To do so:
- In PuTTY’s configuration window, go to the Connection category.
- Go to SSH, then Tunnels.
3306in the Source port field.
127.0.0.1:3306in the Destination field.
Click Add, then click Open to log in:
Once you’ve connected to the remote server with this tunnel configuration, you’ll be able to direct your local MySQL client to
localhost:3306. Your connection to the remote MySQL server will be encrypted through SSH, allowing you to access your databases without running MySQL on a public IP.
Remote Graphical Applications over SSH
PuTTY can securely run graphical applications hosted on a remote Linux server. You can run virtually any X11 application in this manner, and the connection will be encrypted through SSH, providing a safe means of interacting with remote graphical systems.
You wll need an X11 server for Windows. Download and install Xming, a free X server for Windows. Accept the defaults presented by the installer and you’ll be running an X11 server when the install process completes.
NoteYou will need the
xauthpackage installed on your Linode for X11 forwarding to work correctly. It is installed by default on Debian and RedHat based systems, but may not be for other Linux distributions.
Tell PuTTY to forward X11 connections to your desktop:
- In PuTTY’s configuration window, make sure the remote server’s hostname or IP, and the correct port, are entered on the Session category.
- In the Connection category, go to SSH, then X11.
- Check the box for Enable X11 forwarding.
localhost:0in the X display location field.
- Click Open to log in.
Once you’re logged into the remote server, you may start any graphical application hosted there. The application will be projected onto your local desktop. Here’s the
xcalcapplication running on a Windows desktop from a remote server:
Join our Community
This guide is published under a CC BY-ND 4.0 license.