OpenSSH remote login client.
In Windows 10 (>1709) this is an optional feature available under Settings > Apps > “Manage optional features”.

      ssh [options] destination [command]

   -4    Use IPv4 addresses only.
   -6    Use IPv6 addresses only.

   -A    Enable forwarding of the authentication agent connection.
   -a    Disable forwarding of the authentication agent connection.

   -B bind_interface
         Bind to the address of bind_interface before attempting to connect to the destination host.
         This is only useful on systems with more than one address.

   -b bind_address
         Use bind_address on the local machine as the source address of the connection.
         Only useful on systems with more than one address.

   -C    Use data compression.

   -c cipher_spec
         Select the cipher specification for encrypting the session.

   -D [bind_address:]port
         Dynamic application-level port forwarding.
         This allocates a socket to listen to port on the local side.
         When a connection is made to this port, the connection is forwarded over the secure channel,
         and the application protocol is then used to determine where to connect to from the remote machine.

   -E log_file
         Append debug logs to log_file instead of standard error.

   -e escape_char
         Set the escape character for sessions with a pty (default: ‘~’).
         The escape character is only recognized at the beginning of a line. The escape character
         followed by a dot (.) closes the connection; followed by control-Z suspends the connection;
         and followed by itself sends the escape character once.
         Setting the character to 'none' disables any escapes and makes the session fully transparent. 

   -F configfile
         Specifies a per-user configuration file.
         The default for the per-user configuration file is ~/.ssh/config.

   -f    Request ssh to go to background just before command execution.
         Useful if ssh is going to ask for a password, but the user wants it in the background.
         This implies -n. A recommended way to start X11 programs at a remote site is ssh -f host xterm.

         If the ExitOnForwardFailure configuration option is set to 'yes', then a client started with -f 
         will wait for all remote port forwards to be successfully established before placing itself in the background.

   -G    Causes ssh to print its configuration after evaluating Host and Match blocks and exit.

   -g    Allow remote hosts to connect to local forwarded ports.
         If used on a multiplexed connection, then this option must be specified on the master process. 

   -I pkcs11
         Specify the PKCS#11 shared library ssh should use to communicate with a PKCS#11 token
         providing keys for user authentication. 

   -i identity_file
         A file from which the identity key (private key) for public key authentication is read.

   -J [user@]host[:port]
         Connect to the target host by first making an ssh connection to the jump host
         and then establishing a TCP forwarding to the ultimate destination from there.

   -K    Enable GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. 

   -k    Disable forwarding (delegation) of GSSAPI credentials to the server. 

   -l login_name
         The user to log in as on the remote machine.

   -M    Place the ssh client into 'master' mode for connection sharing.
         Multiple -M options place ssh into 'master' mode but with confirmation required using ssh-askpass(1)
         before each operation that changes the multiplexing state (e.g. opening a new session). 

   -m mac_spec
         A comma-separated list of MAC (message authentication code) algorithms, specified in order of preference.

   -N    Do not execute a remote command. This is useful for just forwarding ports. 

   -O ctl_cmd
         Control an active connection multiplexing master process.
         When the -O option is specified, the ctl_cmd argument is interpreted and passed to the master process.
         Valid commands are: 'check' (check that the master process is running), 'forward' (request forwardings
         without command execution), 'cancel' (cancel forwardings), 'exit' (request the master to exit),
         and 'stop' (request the master to stop accepting further multiplexing requests).

   -o option
         Can be used to give options in the format used in the configuration file. 

   -p port
         Port to connect to on the remote host.

   -Q query_option
         Query ssh for the algorithms supported for the specified version 2. The available features are:
         cipher (supported symmetric ciphers), cipher-auth (supported symmetric ciphers that support authenticated
         encryption), help (supported query terms for use with the -Q flag), mac (supported message integrity codes),
         kex (key exchange algorithms), key (key types), key-cert (certificate key types), key-plain (non-certificate
         key types), protocol-version (supported SSH protocol versions), and sig (supported signature algorithms). 

   -q    Quiet mode.

   -R [bind_address:]port:host:hostport
   -R [bind_address:]port:local_socket
   -R remote_socket:host:hostport
   -R remote_socket:local_socket
   -R [bind_address:]port
         Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded
         to the local side. 
         Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when
         logging in as root on the remote machine. Specify IPv6 addresses by enclosing the address in square brackets.

   -S ctl_path
         Specifies the location of a control socket for connection sharing, or the string 'none' to disable connection sharing.
         Refer to the description of ControlPath and ControlMaster in ssh_config(5) for details.

   -T    Disable pseudo-terminal allocation.

   -t    Force pseudo-terminal allocation.
         This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful,
         e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty.

   -V    Display the version number.

   -v    Verbose mode.

   -W host:port
         Request that standard input and output on the client be forwarded to host on port over the secure channel.
         Implies -N, -T, ExitOnForwardFailure and ClearAllForwardings, though these can be overridden in the configuration
         file or using -o command line options.

   -w local_tun[:remote_tun]
         Request tunnel device forwarding with the specified tun(4) devices between the client (local_tun) and
         the server (remote_tun). The devices may be specified by numerical ID or the keyword 'any', which uses the next
         available tunnel device. If remote_tun is not specified, it defaults to 'any'.
         See also the Tunnel and TunnelDevice directives in ssh_config(5).

         If the Tunnel directive is unset, it will be set to the default tunnel mode, which is 'point-to-point'.
         If a different Tunnel forwarding mode is desired, then it should be specified before -w.

   -X    Enable X11 forwarding. This can also be specified on a per-host basis in a configuration file.
         X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote
         host (for the user's X authorization database) can access the local X11 display through the forwarded
         connection. An attacker may then be able to perform activities such as keystroke monitoring.

         For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default.
         Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information.

   -x    Disable X11 forwarding. 

   -Y    Enable trusted X11 forwarding. Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.

   -y    Send log information using the syslog(3) system module. By default this information is sent to stderr.

By default, ssh attempts to connect to an SSH server running on port 22; use the -p option to select a different port.

ssh may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file. The file format and configuration options are described in ssh_config(5).
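
Because settings can come from the command line, the per-user file and the system-wide file, the effective result is easiest to check with ssh -G. The following Python script is an added example, not part of the original page: it parses ssh -G output and reports the forwarding settings that -A, -X, -Y and -g enable. The sample output and its host name are constructed, and the function names are hypothetical.

```python
import subprocess

# Effective-config keywords (lowercase, as printed by `ssh -G`) mapped to the
# command-line option from the list above that turns each one on.
RISKY = {
    "forwardagent": "-A (agent forwarding)",
    "forwardx11": "-X (X11 forwarding)",
    "forwardx11trusted": "-Y (trusted X11 forwarding)",
    "gatewayports": "-g (remote hosts may use local forwards)",
}

def parse_effective_config(text):
    """Parse `ssh -G` output: one 'keyword value' pair per line."""
    config = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key:
            # Keywords such as identityfile can repeat; keep every value.
            config.setdefault(key.lower(), []).append(value.strip())
    return config

def audit(config):
    """Return (keyword, value, option) for each risky setting not set to 'no'."""
    return [(key, value, option)
            for key, option in RISKY.items()
            for value in config.get(key, [])
            if value.lower() != "no"]

def audit_host(destination):
    """Run `ssh -G destination` (prints the configuration and exits) and audit it."""
    if destination.startswith("-"):
        raise ValueError("destination must not look like an option")
    result = subprocess.run(["ssh", "-G", destination],
                            capture_output=True, text=True, check=True)
    return audit(parse_effective_config(result.stdout))

# Constructed sample of `ssh -G` output, not captured from a real host.
SAMPLE = """\
user xiaoping
hostname build01.example.internal
port 22
forwardagent yes
forwardx11 yes
forwardx11trusted no
gatewayports no
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_rsa
"""

if __name__ == "__main__":
    for key, value, option in audit(parse_effective_config(SAMPLE)):
        print(f"{key} = {value}: same effect as {option}")
```

Call audit_host() with a Host alias from the configuration file to check what a plain "ssh alias" would enable before the connection is ever made.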


Connect to an SSH server at with the username xiaoping:

C:\> ssh -l xiaoping

This can be shortened to:

C:\> ssh

“The happiest, healthiest, and longest lasting relationships happen when each partner is secure and whole within themselves” ~ Pamela Cummins


OpenSSH Manual Pages
PuTTY - A Free Telnet/SSH Client.
TELNET - Communicate with another host using the TELNET protocol.

Copyright © 1999-2020
Some rights reserved