Installing SFTP/SSH Server on Windows using OpenSSH
Installing SFTP/SSH Server
- Download the latest OpenSSH for Windows binaries (package
- Extract the package to
- As the Administrator, install SSHD and ssh-agent services:
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
- As the Administrator, generate server keys by running the following commands from the
- Open a port for the SSH server in Windows Firewall:
- Either run the following PowerShell command (Windows 8 and 2012 or newer only), as the Administrator:
New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
- or go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and add a new rule for port 22.
- To allow public key authentication, as the Administrator, from
C:\Program Files\OpenSSH, run:
powershell.exe -ExecutionPolicy Bypass -File install-sshlsa.ps1
and restart the machine.
- Start the service and/or configure automatic start:
- Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
- If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
- Start the SSHD service by clicking Start the service.
These instructions are partially based on the official deployment instructions.
Setting up SSH public key authentication
Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with the following differences:
- Create the
.ssh folder (for the
authorized_keys file) in your Windows account profile folder (typically in
- Do not change permissions for the
.ssh and the
Connecting to the server
Before the first connection, find out the fingerprint of the server’s ED25519 key by running
ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5 from the
C:\Program Files\OpenSSH>ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5
256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519)
Start WinSCP. The Login dialog will appear. On the dialog:
- Make sure New site node is selected.
- On New site node, make sure the SFTP protocol is selected.
- Enter your machine/server IP address (or a hostname) into the Host name box.
- Enter your Windows account name into the User name box. It might have to be entered in the format
user@domain, if running on a domain.
- For public key authentication:
- For password authentication:
- Enter your Windows account password into the Password box.
- If your Windows account does not have a password, you cannot authenticate with password authentication (i.e. with an empty password); you need to use public key authentication.
- Save your site settings using the Save button.
- Log in using the Login button.
- Verify the host key by comparing the fingerprint with the one collected before (see above).
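
What the fingerprint compared in the last step actually is, as an added PowerShell example that is not part of the WinSCP documentation: a hash (MD5 in the format shown above, or SHA-256) of the decoded public key blob. The function names and the sample key are constructed for illustration; the `.pub` file next to the host key is an assumption about the key layout.

```powershell
function Get-SshKeyFingerprint {
    param([Parameter(Mandatory)][string]$PublicKeyLine)
    # A public key line is "<type> <base64 blob> [comment]".
    $fields = $PublicKeyLine.Trim() -split '\s+'
    if ($fields.Count -lt 2) { throw 'Not an OpenSSH public key line.' }
    $blob = [Convert]::FromBase64String($fields[1])
    # The blob starts with a 4-byte big-endian length and the key type name,
    # which must match the first field of the line.
    if ($blob.Length -lt 4) { throw 'Key blob too short.' }
    $len = ([int]$blob[0] -shl 24) -bor ([int]$blob[1] -shl 16) -bor
           ([int]$blob[2] -shl 8) -bor [int]$blob[3]
    if ($len -lt 1 -or $len -gt $blob.Length - 4) { throw 'Malformed key blob.' }
    $type = [Text.Encoding]::ASCII.GetString($blob, 4, $len)
    if ($type -ne $fields[0]) { throw "Key type mismatch: $($fields[0]) / $type" }
    # Both fingerprint forms are hashes of the whole decoded blob.
    $md5 = [Security.Cryptography.MD5]::Create()
    $sha = [Security.Cryptography.SHA256]::Create()
    try {
        $hex = ($md5.ComputeHash($blob) | ForEach-Object { $_.ToString('x2') }) -join ':'
        $b64 = [Convert]::ToBase64String($sha.ComputeHash($blob)).TrimEnd('=')
    } finally { $md5.Dispose(); $sha.Dispose() }
    [pscustomobject]@{ Type = $type; MD5 = "MD5:$hex"; SHA256 = "SHA256:$b64" }
}

function Test-SshHostKeyFingerprint {
    param([Parameter(Mandatory)][string]$PublicKeyLine,
          [Parameter(Mandatory)][string]$Presented)
    $fp = Get-SshKeyFingerprint $PublicKeyLine
    $p  = $Presented.Trim()
    # Hex digits compare case-insensitively; base64 is case-sensitive.
    ($p -ieq $fp.MD5) -or ($p -ceq $fp.SHA256)
}

# Constructed sample key (not a real host key): key type plus 32 bytes 0x01..0x20.
# On the server, pass the content of the host key's .pub file instead, e.g.
# (Get-Content .\ssh_host_ed25519_key.pub), assuming it sits next to the private key.
[byte[]]$sample = [byte[]](0,0,0,11) + [Text.Encoding]::ASCII.GetBytes('ssh-ed25519') +
                  [byte[]](0,0,0,32) + [byte[]](1..32)
$line = 'ssh-ed25519 ' + [Convert]::ToBase64String($sample) + ' constructed@example'
$fp = Get-SshKeyFingerprint $line
$fp | Format-List

# Compare against a fingerprint as a client would display it: first the key's
# own fingerprint in upper case, then a constructed value that does not belong to it.
Test-SshHostKeyFingerprint $line $fp.MD5.ToUpper()
Test-SshHostKeyFingerprint $line 'MD5:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff'
```

Run the fingerprint collection on the server console itself, so the reference value does not travel over the connection you are about to verify.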