Win 11 home and Pro install openssh server

Created Fri May, 15 2026 at 07:48PM

To install OpenSSH using PowerShell:

  1. Run PowerShell as an Administrator.

  2. Run the following cmdlet to make sure that OpenSSH is available:

PowerShell

powershell Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

The command should return the following output if neither are already installed:

PowerShell

```powershell Name : OpenSSH.Client~~~~0.0.1.0 State : NotPresent

Name : OpenSSH.Server~~~~0.0.1.0 State : NotPresent ```

  1. After that, run the following cmdlets to install the server or client components as needed:

PowerShell

```powershell # Install the OpenSSH Client Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install the OpenSSH Server Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 ```

Both commands should return the following output:

PowerShell

powershell Path : Online : True RestartNeeded : False

  1. To start and configure OpenSSH Server for initial use, open an elevated PowerShell prompt (right-click, then select Run as an administrator), then run the following commands to start the sshd service:

PowerShell

```powershell # Start the sshd service Start-Service sshd

# OPTIONAL but recommended: Set-Service -Name sshd -StartupType 'Automatic'

# Confirm the Firewall rule is configured. It should be created automatically by setup. Run the following to verify if (!(Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue)) { Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, creating it..." New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 } else { Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' has been created and exists." } ```

Connect to OpenSSH Server

Once installed, you can connect to OpenSSH Server from a Windows or Windows Server device with the OpenSSH client installed. From a PowerShell prompt, run the following command.

PowerShell

ssh domain\username@servername

Once connected, you get a message similar to the following output.

PowerShell

The authenticity of host 'servername (10.00.00.001)' can't be established.
ECDSA key fingerprint is SHA256:(<a large string>).
Are you sure you want to continue connecting (yes/no)?

Entering yes adds that server to the list of known SSH hosts on your Windows client.

At this point, the service prompts you for your password. As a security precaution, the characters of your password aren't displayed as you enter them.

Once connected, you should see the following Windows command shell prompt:

PowerShell

domain\username@SERVERNAME C:\Users\username>

Uninstall OpenSSH Server & Client

To uninstall the OpenSSH components using PowerShell, follow these steps.

  1. Open PowerShell as an administrator.

  2. To remove OpenSSH, use the following commands:

PowerShell

```powershell # Uninstall the OpenSSH Client Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Uninstall the OpenSSH Server Remove-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 ```

  1. Finally, run the following command to remove the firewall rule:

PowerShell

powershell if ((Get-NetFirewallRule -Name "OpenSSH-Server-In-TCP" -ErrorAction SilentlyContinue)) { Write-Output "Firewall rule 'OpenSSH-Server-In-TCP' is being removed." Remove-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' } else { Write-Output "Firewall Rule 'OpenSSH-Server-In-TCP' does not exist, removal failed..." }

If the service was in use when you uninstalled it, you should restart Windows.