Contents » Using WinSCP » Guides » Other »

Installing SFTP/SSH Server on Windows using OpenSSH

Recently, Microsoft has released an early version of OpenSSH for Windows. You can use the package to set up an SFTP/SSH server on Windows.

Installing SFTP/SSH Server

  • Download the latest OpenSSH for Windows binaries (package
  • Extract the package to C:\Program Files\OpenSSH
  • As the Administrator, install SSHD and ssh-agent services:
    powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1
  • As the Administrator, generate server keys by running the following commands from the C:\Program Files\OpenSSH:
    .\ssh-keygen.exe -A
  • Open a port for the SSH server in Windows Firewall:
    • Either run the following PowerShell command (Windows 8 and 2012 or newer only), as the Administrator:
      New-NetFirewallRule -Protocol TCP -LocalPort 22 -Direction Inbound -Action Allow -DisplayName SSH
    • or go to Control Panel > System and Security > Windows Firewall > Advanced Settings > Inbound Rules and add a new rule for port 22.
  • To allow a public key authentication, as an Administrator, from C:\Program Files\OpenSSH, run:
    powershell.exe -ExecutionPolicy Bypass -File install-sshlsa.ps1
    and restart the machine
  • Start the service and/or configure automatic start:
    • Go to Control Panel > System and Security > Administrative Tools and open Services. Locate SSHD service.
    • If you want the server to start automatically when your machine is started: Go to Action > Properties. In the Properties dialog, change Startup type to Automatic and confirm.
    • Start the SSHD service by clicking the Start the service.

These instructions are partially based on the official deployment instructions.

Setting up SSH public key authentication

Follow a generic guide for Setting up SSH public key authentication in *nix OpenSSH server, with following differences:

  • Create the .ssh folder (for the authorized_keys file) in your Windows account profile folder (typically in C:\Users\username\.ssh).
  • Do not change permissions for the .ssh and the authorized_keys.

Connecting to the server

Before the first connection, find out fingerprint of the server’s ED25519 key by running ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5 from the C:\Program Files\OpenSSH:

C:\Program Files\OpenSSH>ssh-keygen.exe -l -f ssh_host_ed25519_key -E md5
256 MD5:0d:df:0a:db:b4:e9:f1:08:d5:59:2b:91:8e:08:1c:78 martin@example (ED25519)

Start WinSCP. Login dialog will appear. On the dialog:

  • Make sure New site node is selected.
  • On New site node, make sure the SFTP protocol is selected.
  • Enter your machine/server IP address (or a hostname) into the Host name box.
  • Enter your Windows account name to the User name box. It might have to be entered in the format user@domain, if running on a domain.
  • For a public key authentication:
  • For a password authentication:
    • Enter your Windows account password to the Password box.
    • If you Windows account does not have a password, you cannot authenticate with the password authentication (i.e. with an empty password), you need to use the public key authentication.
  • Save your site settings using the Save button.
  • Login using Login button.
  • Verify the host key by comparing fingerprint with the one collected before (see above).

Further reading

  guide_windows_openssh_server.txt · Last modified: by martin

Search Documentation

This page


About donations

$9   $19   $49   $99

About donations



Site design by Black Gate