Install OpenSSH

This guide helps individuals on older machines install OpenSSH if needed. If you are running a newer version of Windows (installed after 2018), OpenSSH is already installed by default and you do not have to follow this guide. Linux and macOS users have it installed by default.

Installing OpenSSH

Open Windows PowerShell as an Administrator

Run the following command to verify whether OpenSSH is installed:

Verify OpenSSH Installation
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

The output should look similar to the following:

Name  : OpenSSH.Client~~~~0.0.1.0
State : NotPresent

Name  : OpenSSH.Server~~~~0.0.1.0
State : Installed

NotPresent means that specific component of OpenSSH is not installed.

Install any OpenSSH component that the previous command reported as NotPresent by running the matching command below:

Install OpenSSH Components
# Install the OpenSSH Client
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0

Now that OpenSSH is installed, configure the OpenSSH Server to start on boot and confirm that a firewall rule allows inbound connections.

Configure OpenSSH
# Start the OpenSSH Server service
Start-Service sshd

# Set the OpenSSH Server service to start on boot
Set-Service -Name sshd -StartupType Automatic

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify
. {
if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue)) {
    Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..."
    New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22
} else {
    Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists."
}
}

Configure SSH-Agent
. {
    # Define the service name
    $serviceName = "ssh-agent"

    # Check if the service exists
    $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

    if ($service) {
        # 1. Check if Startup Type is already Automatic
        # We use Get-CimInstance to reliably check StartMode on both PowerShell 5.1 and 7+
        $cimService = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"

        if ($cimService.StartMode -ne "Auto") {
            Write-Host "Configuring '$serviceName' startup type to Automatic..."
            Get-Service -Name $serviceName | Set-Service -StartupType Automatic
        } else {
            Write-Host "Startup type for '$serviceName' is already set to Automatic."
        }

        # 2. Check if the service is already Running
        # Refresh the service object to get the latest status
        $service.Refresh()

        if ($service.Status -ne "Running") {
            Write-Host "Starting '$serviceName'..."
            Start-Service -Name $serviceName
        } else {
            Write-Host "Service '$serviceName' is already running."
        }

        # 3. Return the final status
        Get-Service -Name $serviceName
    } else {
        Write-Warning "Service '$serviceName' was not found. Please ensure the OpenSSH Client feature is installed on Windows."
    }
}

You should now be able to run ssh from the PowerShell terminal.
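
To confirm the result of the steps above, the following read-only check reports the capability state, the start mode of both services, the scope of the firewall rule, and what is listening on port 22. It is an added example, not part of the original guide; it assumes an elevated PowerShell session and the default SSH port 22 used above.

```powershell
# Added example: read-only check of the OpenSSH setup described in this guide.
# Assumes an elevated session and the default port 22; it changes nothing.

# 1. Capability state of the client and server components
$capabilities = Get-WindowsCapability -Online |
    Where-Object Name -like 'OpenSSH*' |
    Select-Object Name, State

# 2. Status and start mode of both services (Win32_Service exposes StartMode
#    consistently on PowerShell 5.1 and 7+)
$services = Get-CimInstance -ClassName Win32_Service -Filter "Name='sshd' OR Name='ssh-agent'" |
    Select-Object Name, State, StartMode

# 3. Scope of the inbound firewall rule: profiles, port and allowed remote addresses
$firewall = $null
$rule = Get-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -ErrorAction SilentlyContinue
if ($rule) {
    $portFilter    = $rule | Get-NetFirewallPortFilter
    $addressFilter = $rule | Get-NetFirewallAddressFilter
    $firewall = [pscustomobject]@{
        Name          = $rule.Name
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        Action        = $rule.Action
        Protocol      = $portFilter.Protocol
        LocalPort     = $portFilter.LocalPort
        RemoteAddress = $addressFilter.RemoteAddress
    }
} else {
    Write-Warning "Firewall rule 'OpenSSH-Server-In-TCP' was not found."
}

# 4. Sockets listening on TCP 22 and the process that owns each one
$listeners = Get-NetTCPConnection -State Listen -LocalPort 22 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# Report
$capabilities | Format-Table -AutoSize
$services     | Format-Table -AutoSize
if ($firewall) { $firewall | Format-List }
if ($listeners) {
    $listeners | Format-Table -AutoSize
} else {
    Write-Warning 'Nothing is listening on TCP port 22; check that sshd is running.'
}
```

The New-NetFirewallRule command in this guide sets neither -Profile nor -RemoteAddress, so a rule created by it reports Any for both, meaning port 22 is allowed on every network profile from any source address.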