How to Install OpenSSH on Windows Server 2019 or 2022

Updated on February 8, 2022
How to Install OpenSSH on Windows Server 2019 or 2022 header image

OpenSSH is a secure remote access tool that encrypts traffic between the connecting client and a remote server. As a result, it eliminates connection hijacking, sniffing, eavesdropping, among other common network attacks. In this guide, you’ll install OpenSSH on a Windows Server.


Install OpenSSH

Through Windows Settings

Open the Windows Start Menu.

Windows Settings

Locate and open Windows Settings. In the new Window, navigate to Apps, and Select Optional Features under Apps & Features.

Click Add Feature, then enter the keyword OpenSSH in the search box. Next, select OpenSSH Server from the list of results, then click Install.

Add Windows Optional Features

Once installed, both OpenSSH Client and Server will be available on the list of Installed Features.

Using Windows PowerShell

Open PowerShell as an Administrator.

Windows PowerShell

Paste the following commands to Install OpenSSH Server:

Add-WindowsCapability -Online -Name OpenSSH.Server

Install OpenSSH Client:

Add-WindowsCapability -Online -Name OpenSSH.Client


Path          :
Online        : True
RestartNeeded : False

To configure OpenSSH, use the following command to open the main configuration file in Notepad and make your preferred changes.

 start-process notepad C:\Programdata\ssh\sshd_config

Configure Firewall

Open the Windows start menu, locate and click Server Manager. In the Server Manager window, navigate to Tools, and select Windows Defender Firewall with Advanced Security from the drop-down list.

Windows Defender with Firewall

Now, click Inbound Rules in the open Firewall window. Then, select New Rule from the right pane.

In the New Inbound Rule Wizard, select Port from the list of options, then click Next. Select ‘TCP’, then enter port 22 in the Specific local ports: section.

Firewall setup

Next, allow the connection, assign the rule to server profiles, and set a custom name for easy identification from the list of Firewall rules.

Click Finish to save the new firewall rule.

Login to Windows Server using SSH

First, start the OpenSSH server by entering the following command in your PowerShell terminal.

Start-Service sshd

Log out of the RDP session.

Then, initiate an SSH connection from your local computer to the server using the following command:

$ ssh -l Administrator SERVER-IP

Replace Administrator with your target username and SERVER-IP with your actual Vultr Windows server address.

ECDSA key fingerprint is SHA256:Vv2A8NOfzCLR/e35Fm5UyqGeJptrn6ZlY6Vabx0wHXQ.
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

Verify the server key by accepting with yes. Then, enter the user account password to connect to the remote Windows server over SSH.

Once logged in, your SSH terminal should be similar to the one below:

Microsoft Windows [Version 10.0.20348.405]
(c) Microsoft Corporation. All rights reserved.

Administrator@EXAMPLE C:\Users\Administrator>


Congratulations, you have successfully installed OpenSSH on a Windows Server. To fine-tune your SSH configuration file, consider visiting the Windows SSH configuration documentation here.