Aug '09

Running SSH on Windows

posted by delano

SSH (Secure Shell) is a network protocol that allows data to be exchanged securely between two networked devices. It's used to automate command execution and transfer files. SSH is most often associated with Linux, Unix, and other "non-Windows" operating systems, but it can run on Windows as well. This document takes you through the steps for installing an SSH server on a Windows machine.


There are several SSH servers available for Windows, both free and commercial products. I've found copSSH to be the easiest and also the most up to date.

  • Download the installation package
  • Run installer
  • Authorize users
  • Copy public key
  • Update Security Group (Amazon EC2 only)
  • Test connection
  • Bundle AMI (Amazon EC2 only)

Note: This post describes the process for enabling passwordless logins via SSH. You will not be able to log in with your regular password.

Download the installation package

The following installation package must be downloaded to the Windows machine which will run the SSH server.

Right-click the file and select Extract All...

Run Installer

When you double-click the installer, Windows will display a warning because the software isn't signed by a known publisher. This is typical for free and open source software on Windows. It's safe to click Run.


Most of the screens explain themselves, but there is one that requires special attention. You need to specify a user with administrator rights to the machine. This example uses the Administrator account, but you can also specify a different one. It will create a new account for you if you specify a user name that does not already exist.

Enter a user with administrator privileges

Note: Be sure to click OK when prompted to start copSSH as a service.

Authorize users

After completing the installation, you must authorize SSH access for at least one user. You can do this by going to Start > All Programs > Copssh > 01. Activate a user.


Copy Public Key

In order to enable passwordless logins, you must copy your public keys to the Windows machine. You can find your default public keys in ~/.ssh but you can specify others as well. Here's a basic command for creating an authorized_keys file.

$ cat ~/.ssh/ ~/.ssh/ >> ./authorized_keys

This file will contain a list of your public keys, one key per line. You must upload this file (or copy and paste the contents) to C:\Program Files\ICW\home\Administrator\.ssh\authorized_keys.
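An added example (not from the original post): a POSIX shell function that builds the authorized_keys file described above from public-key files only, refusing private-key material and dropping duplicate keys. The function name and the file names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post.
# build_authorized_keys OUT FILE...
#   Writes one public key per line to OUT (mode 600).
#   Returns 0 if every input was accepted, 1 if any input was rejected.
# Hypothetical usage: build_authorized_keys ./authorized_keys ~/.ssh/*.pub
build_authorized_keys() {
    out=$1; shift
    tmp=$(mktemp) || return 1
    rc=0
    for f in "$@"; do
        # Private key material must never be uploaded: on EC2 it would
        # also be baked into every instance started from the bundled AMI.
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "rejected (private key): $f" >&2
            rc=1
            continue
        fi
        # Keep only lines shaped like "<key-type> <base64-blob> [comment]".
        # Lines with an options prefix (from="...", command="...") are not
        # produced by ssh-keygen in .pub files and are deliberately dropped.
        grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
            "$f" >> "$tmp" || {
            echo "rejected (no public key found): $f" >&2
            rc=1
        }
    done
    # De-duplicate on type + blob so the comment field does not matter,
    # and create the file so that only the owner can read or write it.
    ( umask 077; awk '!seen[$1 " " $2]++' "$tmp" > "$out" )
    chmod 600 "$out"
    rm -f "$tmp"
    return $rc
}
```

The function overwrites OUT rather than appending to it, so repeated runs produce the same file.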


Update Security Group

For Amazon EC2 customers

You need to open access to port 22 in the security group associated with your Windows instance. You will need to replace the source IP address used in this example ( with either your external IP address (very safe) or (less safe because this means it's open for the entire internet).

You can use one of the following methods.

Via Rudy

$ rudy-ec2 groups --authorize -p 22 -a grp-name

Via Amazon API Tools

$ ec2-authorize -p 22 -s grp-name

Via Amazon AWS Console

Test connection

If everything went well, you will be able to log in via SSH:

$ ssh Administrator@yourwindowsmachine
Last login: Wed Aug 19 07:01:19 2009 from


Bundle AMI

For Amazon EC2 customers

If you're running Windows within EC2, you need to create a machine image based on the running instance. Otherwise you'll need to follow these steps again when you start a new instance!

There are two steps to bundling a Windows image. The first creates an image from the running instance and stores it to Amazon S3 ("Simple Storage Service"). Before executing the following command, you'll want to consider the following:

  • Have you changed the Administrator password? If not, make sure you've written down the password you used to log in the first time. Amazon doesn't keep it on record so if you don't know the password, you won't be able to log in!
  • Make sure everything on the machine is exactly as you would like to see it when you start a new instance. For example, if you leave a bunch of files on the desktop that you don't need, you will have to see them every time you launch a new instance of this image.
  • Empty the recycle bin.
  • Copy anything off of the D: drive that you want to keep. That is a temporary disk that is destroyed when the instance is shut down and is not stored in the machine image.

Then run the following command to initiate the bundling process.

$ ec2-bundle-instance i-12345678 -b BUCKET-IN-US -p IMAGE-NAME -o accessaccessaccess -w secretsecretsecret -K path/2/pk-***.pem -C ~path/2/cert-***.pem --url --region us-east-1

Bundling can take anywhere from 20 to 60 minutes. You can check on the progress by running ec2-describe-bundle-tasks. Once it's complete, run the following to register the machine image to your account.

$ ec2-register --region us-east-1 BUCKET-IN-US/IMAGE-NAME.manifest.xml

That's it. Don't forget to shut down the Windows instance!

Other Resources

If you have any questions or problems, feel free to contact me via the discussion group.

I'm Delano Mandelbaum, the founder of Solutious Inc. I've worked for companies large and small and now I'm putting everything I've learned into building great tools. I recently launched a monitoring service called Stella.
