​OpenSSH arrives in Windows 10 Spring Update

One of the most universally used Linux/Unix tools is now included by default in Windows 10: OpenSSH. Here's how to get started with it.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Windows 10 is becoming a useful Unix/Linux sysadmin platform. First, it has incorporated Windows Subsystem for Linux in the Windows 10 Fall Creators Update. Now, in the Windows 10 April 2018 Update, Microsoft has finally brought a native Secure Shell (SSH) to Windows.

It's taken a long time. Microsoft started work on porting OpenSSH to PowerShell in 2015 because of user demand.

Read also: Here's how you can still get a free Windows 10 upgrade

Finally, though, you'll no longer need third-party SSH clients such as Putty when you connect to a system running a SSH server. OpenSSH is a collection of client/server utilities. It enables developers and administrators to use secure remote login, remote file transfer, and public/private key pair management with any system with an OpenSSH server.

OpenSSH is commonly used with BSD, Linux, macOS, and Unix servers, but it can be used with any platform, including Windows 10, with a SSH server. This particular popular SSH client/server implementation is part of the OpenBSD project.

Microsoft is deploying the latest client version of OpenSSH, OpenSSH 7.7, as a default in this latest Windows 10 update. The OpenSSH server is also available, but you must install it.

For full instructions on how to use this command-line interface program, check out the OpenSSH manual page. The most common way to use it is to connect to a remote server. If you're using passwords, this is done with the following command:

ssh [user]@[host]

If it's your first connection to a particular SSH server, it will display the host key fingerprint and ask you to confirm that you want to connect. If you answer yes, the host key will be saved in the %UserProfile%\.ssh\known_hosts hidden file, and when next you connect to it, you won't be asked again.

Next, you must enter the remote server's user account password. Once that's done, you're logged into the remote server, and you can program on it or run system administration tools.

Once you're done type "exit". You'll then get the following message: "Connection to [server] closed." And you're back to your local command prompt.

It's safer, however, to use key-based authentication. For that, you must first generate client public/private key pairs. From PowerShell or cmd, you do this by using ssh-keygen to generate the key files. This is done with the following commands:

cd ~\.ssh\ssh-keygen

With my system, the output looks like:

Generating public/private ed25519 key pair.Enter file in which to save the key (C:\Users\sjvn\.ssh\id_ed25519):

ED25519 is the public-key signature system currently used by OpenSSH to secure connections. You'll then be prompted to use a passphrase to encrypt your private key files. The resulting files ending with a .pub are your public keys, while the others are your private keys.

Next, you must move your public key (~\.ssh\id_ed25519.pub) into a text file called authorized_keys in the directory ~\.ssh\ on the remote server.

Read also: What's new in the Windows 10 April 2018 Update

Private keys are like your passwords. They must be protected. On Windows, you should shield your private keys by using the ssh-agent service, as the Administrator, and use ssh-add to store your private key. Then, whenever you need it for authentication, ssh-agent will automatically retrieve it and pass it to OpenSSH.

Once set up, you'll be able to securely login into remote servers and transfer files to them. You're now ready to work on remote Unix/Linux systems. Enjoy.

Related stories

Editorial standards