How to Enable the Built-In Windows 10 OpenSSH Client

With each new release of Windows 10, we see more and more useful tools being ported from Linux. First, we had the Windows Subsystem for Linux, which is awesome, and now we have a built-in OpenSSH client and server, which uses version 7.6p1 of OpenSSH.

With the April 2018 Update, the OpenSSH client is now installed by default works really well. Especially the client, as you no longer need to use a 3rd party SSH client such as Putty when you wish to connect to a SSH server.

For this article, we are going to focus on the OpenSSH Client.

First confirm that the OpenSSH client is installed by looking under the installed optional features. If it is installed, you will see it listed as shown below. If so some reason it is not installed, you can click on Add a feature to install it.

Manage Optional Features
Installed OpenSSH Client

Using OpenSSH in Windows 10

It's simple, press the Windows button and type Command Prompt, and hit the Enter, or press the Windows and R key combination, then type cmd, and press te Enter. In the popup window type ssh, and press enter. If the OpenSSH Client installed correctly, you can view the same output in your Command Prompt window. If you are not type any argument next the ssh command the program will print the basic help the program usage. More information in the parameters you can find the man page of the SSH.


Available argument list is:

usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [[email protected]]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           destination [command]

If you connect to a remote server you simply use the command line ssh [user]@[host]. For example, to access your cPanel webhosting servers via SSH simply type ssh [email protected]. If it's your first time connecting to the SSH server, the program will display a host key fingerprint and ask you to confirm if you want to connect. If you type yes, this hosts's key will be saved in the %UserProfile%\.ssh\known_hosts file and you will not be asked again when you connect to the same server.

If you want to connect your server with your SSH key, you need add a key file path, with the -i paramerer. Example: ssh -i .ssh\webhost [email protected]. You will then be prompted to enter the key password for the user account on the remote server that you are logging into as shown below.


If you type a correct password, the client logged in the remote server successfully:


When you are done using the remote server and would like to disconnect the SSH session, simply press the CTRL+D. You will then be logged out, the SSH client will state Connection to [server] closed., and you can close the command prompt.

Permissions for 'private-key' are too open

If you use your SSH private key in the connection, you need to setup the correct permission on the key file otherwise you can not connect the server. You get Permissions for 'private-key' are too open message.

In this case locate the file in Windows Explorer, right-click on it then select Properties. Navigate to the Security tab and click Advanced.
Change the owner to you, disable inheritance and delete all permissions. Then grant yourself Full control and save the permissions. Now SSH won't complain about file permission too open anymore.