OpenSSH remote login client.
In Windows 10 (>1709) this is an optional feature available under Settings ➞ Apps ➞ “Manage optional features”.
Syntax
SSH [options] destination [command]
Options
-4 Use IPv4 addresses only.
-6 Use IPv6 addresses only.
-A Enable forwarding of the authentication agent connection.
-a Disable forwarding of the authentication agent connection.
-B bind_interface
Bind to the address of bind_interface before attempting to connect to the destination host.
This is only useful on systems with more than one address.
-b bind_address
Use bind_address on the local machine as the source address of the connection.
Only useful on systems with more than one address.
-C Use data compression.
-c cipher_spec
Select the cipher specification for encrypting the session.
-D [bind_address:]port
Dynamic application-level port forwarding.
This allocates a socket to listen to port on the local side.
When a connection is made to this port, the connection is forwarded over the secure channel,
and the application protocol is then used to determine where to connect to from the remote machine.
-E log_file
Append debug logs to log_file instead of standard error.
-e escape_char
Set the escape character for sessions with a pty (default: ‘~’).
The escape character is only recognized at the beginning of a line. The escape character
followed by a dot (.) closes the connection; followed by control-Z suspends the connection;
and followed by itself sends the escape character once.
Setting the character to 'none' disables any escapes and makes the session fully transparent.
-F configfile
Specifies a per-user configuration file.
The default for the per-user configuration file is ~/.ssh/config.
-f Request ssh to go to background just before command execution.
Useful if ssh is going to ask for a passwords, but the user wants it in the background.
This implies -n. A recommended way to start X11 programs at a remote site is ssh -f host xterm.
If the ExitOnForwardFailure configuration option is set to 'yes', then a client started with -f
will wait for all remote port forwards to be successfully established before placing itself in the background.
-G Causes ssh to print its configuration after evaluating Host and Match blocks and exit.
-g Allow remote hosts to connect to local forwarded ports.
If used on a multiplexed connection, then this option must be specified on the master process.
-I pkcs11
Specify the PKCS#11 shared library ssh should use to communicate with a PKCS#11 token
providing keys for user authentication.
-i identity_file
A file from which the identity key (private key) for public key authentication is read.
-J [user@]host[:port]
Connect to the target host by first making a ssh connection to the pjump host[(/iam/jump-host)
and then establishing a TCP forwarding to the ultimate destination from there.
-K Enable GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server.
-k Disable forwarding (delegation) of GSSAPI credentials to the server.
-l login_name
The user to log in as on the remote machine.
-M Place the ssh client into 'master mode for connection sharing.
Multiple -M options places ssh into 'master' mode but with confirmation required using ssh-askpass(1)
before each operation that changes the multiplexing state (e.g. opening a new session).
-m mac_spec
A comma-separated list of MAC (message authentication code) algorithms, specified in order of preference.
-N Do not execute a remote command. This is useful for just forwarding ports.
-O ctl_cmd
Control an active connection multiplexing master process.
When the -O option is specified, the ctl_cmd argument is interpreted and passed to the master process.
Valid commands are: 'check' (check that the master process is running), 'forward' (request forwardings
without command execution), 'cancel' (cancel forwardings), 'exit' (request the master to exit),
and 'stop' (request the master to stop accepting further multiplexing requests).
-o option
Can be used to give options in the format used in the configuration file.
-p port
Port to connect to on the remote host.
-Q query_option
Query ssh for the algorithms supported for the specified version 2. The available features are:
cipher (supported symmetric ciphers), cipher-auth (supported symmetric ciphers that support authenticated
encryption), help (supported query terms for use with the -Q flag), mac (supported message integrity codes),
kex (key exchange algorithms), key (key types), key-cert (certificate key types), key-plain (non-certificate
key types), protocol-version (supported SSH protocol versions), and sig (supported signature algorithms).
-q Quiet mode.
-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded
to the local side.
Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when
logging in as root on the remote machine. Specify IPv6 addresses be enclosing the address in square brackets.
-S ctl_path
Specifies the location of a control socket for connection sharing, or the string 'none' to disable connection sharing.
Refer to the description of ControlPath and ControlMaster in ssh_config(5) for details.
-T Disable pseudo-terminal allocation.
-t Force pseudo-terminal allocation.
This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful,
e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.
-V Display the version number.
-v Verbose mode.
-W host:port
Request that standard input and output on the client be forwarded to host on port over the secure channel.
Implies -N, -T, ExitOnForwardFailure and ClearAllForwardings, though these can be overridden in the configuration
file or using -o command line options.
-w local_tun[:remote_tun]]
Request tunnel device forwarding with the specified tun(4) devices between the client (local_tun) and
the server (remote_tun). The devices may be specified by numerical ID or the keyword 'any', which uses the next
available tunnel device. If remote_tun is not specified, it defaults to 'any'.
See also the Tunnel and TunnelDevice directives in ssh_config(5).
If the Tunnel directive is unset, it will be set to the default tunnel mode, which is 'point-to-point'.
If a different Tunnel forwarding mode it desired, then it should be specified before -w.
-X Enable X11 forwarding. This can also be specified on a per-host basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote
host (for the user’s X authorization database) can access the local X11 display through the forwarded
connection. An attacker may then be able to perform activities such as keystroke monitoring.
For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default.
Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information.
-x Disable X11 forwarding.
-Y Enable trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.
-y Send log information using the syslog(3) system module. By default this information is sent to stderr.
By default, ssh attempts to connect to an SSH server running on port 22, use the -p option to select a different port.
ssh may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The file format and configuration options are described in ssh_config(5).
Install SSH with PowerShell:
C:\> powershell "Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0"
Connect to an SSH server at ssh.example.com with the username xiaoping:
C:\> ssh.exe -l xiaoping ssh.example.com
This can be shortened to:
C:\> ssh xiaoping@ssh.example.com
“The happiest, healthiest, and longest lasting relationships happen when each partner is secure and whole within themselves” ~ Pamela Cummins
OpenSSH Man Pages
PuTTY - A Free Telnet/SSH Client.
OpenSSH For Windows Server - Installation of the SSH server.
TELNET - Communicate with another host using the TELNET protocol.