Using PowerShell through SSH
Updated: The Modern Way (2026)
When I wrote this article in 2006, Windows had no native SSH support. Getting PowerShell to work over SSH required installing Cygwin, manually configuring SSHD, and piping commands through a compatibility layer. I actually begged Microsoft to “just use SSH” instead of inventing something proprietary.
They eventually listened. It took over a decade, but SSH is now built into Windows and PowerShell has first-class SSH remoting support. Here’s how it works today.
Install OpenSSH Server
OpenSSH has shipped as an optional feature since Windows 10 (build 1809) and Windows Server 2019. On Windows Server 2025, it’s pre-installed. To enable it:
# Install the OpenSSH server (run as Administrator)
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
# Start the service and set it to auto-start
Start-Service sshd
Set-Service -Name sshd -StartupType Automatic
That’s it. No Cygwin, no environment variables, no mirror hunting.
Configure PowerShell as the Default Shell
By default, Windows OpenSSH drops you into cmd.exe. To use PowerShell instead:
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" `
-Name DefaultShell `
-Value "C:\Program Files\PowerShell\7\pwsh.exe" `
-PropertyType String -Force
SSH Remoting with PowerShell 7
PowerShell 7 added native SSH transport for remoting. You can open interactive sessions or run commands on remote machines across Windows, Linux, and macOS:
# Interactive session
Enter-PSSession -HostName user@server
# Run a command remotely
Invoke-Command -HostName user@server -ScriptBlock {
Get-Process | Sort-Object CPU -Descending | Select-Object -First 5
}
# Create a persistent session for multiple commands
$session = New-PSSession -HostName user@server
Invoke-Command -Session $session -ScriptBlock { Get-Service }
This works cross-platform. You can remote from a Mac into a Windows server, or from Windows into a Linux box, as long as both sides have PowerShell 7 and OpenSSH configured.
Setting Up the SSH Subsystem
For Enter-PSSession -HostName to work, the remote machine needs PowerShell registered as an SSH subsystem. Add this line to C:\ProgramData\ssh\sshd_config:
Subsystem powershell c:/progra~1/powershell/7/pwsh.exe -sshs -nologo
Then restart the SSH service:
Restart-Service sshd
See Microsoft’s PowerShell Remoting over SSH documentation for the full setup guide.
Original 2006 Article
The following is the original article from July 2006, preserved for historical context. At the time, PowerShell was brand new, Windows had no SSH support, and Cygwin was the only way to make this work.
Introduction
Windows PowerShell is a new command-line shell and task-based scripting technology that provides comprehensive control and automation of system administration tasks. Windows PowerShell allows Windows administrators to be more productive by providing numerous system administration utilities, consistent syntax, and improved navigation of common management data such as the registry or Windows Management Instrumentation (WMI). Windows PowerShell also includes a scripting language which enables comprehensive automation of Windows system administration tasks. The Windows PowerShell language is intuitive and supports existing scripting investments. Exchange Server 2007 and System Center Operations Manager 2007 will be built on Windows PowerShell.
I come from UNIX, where the text shell is the preferred way to do system administration. I’ve been following Powershell née Monad for some time. Windows has needed a powerful shell since before MS-DOS (not sure what the default shell in Xenix was). The PowerShell team seems to be laying out some of the architecture that will be needed to bring Microsoft forward on this front. I’ve argued before that one of the reasons Google is beating Microsoft is the easy scriptability and command line interface on Google’s Platform, Linux. If Microsoft wants to play seriously with admins like me and compete with Apple and Google, they will have to continue building on PowerShell.
One of the key components of System Administration is remote access. It would be absurd to have to physically walk up to every machine you were responsible for and use the keyboard and mouse to configure or install anything. There are some pretty good tools for working with Windows remotely, but most of them require a video card and mouse. I can type upwards to 100 words a minute, anytime I have to move my hands off the home row to the mouse, I am losing productivity. Anytime I have to stream video, I am wasting bandwidth. I can administer a UNIX box from a palmtop device like a Sidekick over a slow cell phone connection.
One of the first things that an admin wants to do with PowerShell is run remotely. To do this securely, you must encrypt your data. SSH has been the proven way to do this. So the question becomes, how do I connect SSH and PowerShell together? With a little bit of kludge, it is possible. Why this wasn’t included by default in version 1.0, I have no idea. My advice and plea to the Microsoft developers is to just use SSH. Please don’t invent a proprietary Microsoft only tool to do this. Please please please please!
Note: The following assumes that you have logged in as a local admin and this account has a password.
Download and Install Cygwin
Fire up Firefox (or your favorite browser) and choose a Cygwin Mirror.
- Select a mirror
- Download setup.exe
- Run setup.exe
- Most of the defaults can be left as is
However, make sure to select SSH under the Network category. It will select the other required dependencies for you.
Configure Cygwin
Right click My Computer, select Properties -> Advanced -> Environment Variables.
Next, click the New button and add:
name: CYGWIN
value: ntsec
Select the Path variable and click Edit then append ;c:\cygwin\bin (assuming you installed Cygwin here) at the end of the existing string.
Download and Install Microsoft Tools
Note: The following requires Microsoft Passport aka Live ID
Unzip the downloads and run their respective setup. I used all the defaults.
Run Cygwin
- Either click the green Cygwin icon or run
c:\cygwin\cygwin.bat - Run ssh install script:
$ ssh-host-config - Answer “yes” to every question except for the last one, which should be ntsec
Should privilege separation be used? (yes/no) yes
Should this script create a local user 'sshd' on this machine? (yes/no) yes
Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes
Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=ntsec
Start SSHD:
$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.
Run Powershell
Start -> Programs -> Windows Powershell. Choose to always accept Microsoft signed code. Close PowerShell.
Test SSH and Powershell
Run Putty or your favorite ssh client and connect to localhost. Accept the hash and login. If everything works, you should be at a bash prompt in Cygwin.
Next run PowerShell. Due to the limitations of PowerShell v1.0 we have to tell it that we are redirecting the input. Note that you won’t get any output from PowerShell indicating that it started up, including a command prompt!
$ "/cygdrive/c/Program Files/Windows PowerShell/v1.0/powershell.exe" -Command -
Try a PowerShell one-liner:
[System.Net.Dns]::GetHostbyAddress("207.46.198.30")
[System.Net.Dns]::GetHostAddresses("www.msn.com")
dir | where {$_.PsIsContainer}
Links
Credits
Big shout out and thanks to Lee Holmes for answering my e-mail and pointing me in the right direction, and PigTail Cygwin SSHD Instructions for clearing up some of the finer points in the SSH install.
Comments
Glad that it worked out for you. When I was playing with the same idea, connecting my Pocket PC phone to PowerShell via SSH from 200 miles away was truly a delightful experience.
SSH won't be our ultimate remoting model, though. As you might imagine, an object-based shell provides many opportunities to improve the remoting experience beyond what administrators are typically used to. It's a top priority for our "V1 Refresh."
shutter
Well, I hope that Microsoft will at least make it easy to use SSH if an admin wants, even if you consider it "legacy" technology. :)
Seriously, please include SSH access. Everytime I hear you guys say something "provides many opportunities to improve..." you go and make things worse and more difficult to use, rather than easier and better. Just like you claimed monad would be better than bash, yet I can't even do something as simple as inline changing the text color in monad, whereas in bash this is easy and natural to do. How often do I actually do this in a bash script? All the time. I've learned how useful syntax highlighting is from programming for so many years, so I extend the concept to my scripts. Why should I have to specify new text colors on seperate lines? That's absurd. Being that this is supposed to be an object oriented shell, it shouldn't be hard to make this work. In C++, I would setup my streams classes to be able to do this:
ostream
The value of the CYGWIN environment variable should be "ntsec" (without quotes), not "netsec".
Thanks! Fixed the typo.
Great article... Let's wait the final version of PowerShell...
[]s,
Vinicius Canto
Brasil
> yet I can’t even do something as simple as inline changing the text color in monad, whereas in bash this is easy and natural to do.
You are right. There are a number of things that should be a ton easier to do. A lot of that will get easier when we have a proper hosting environment (e.g. something other than the CONSOLE).
Our plans for remoting are to leverage WS-MGMT the remoting protocol recently standardized through the DMTF. Withhold judgement for a while until you have a chance to see what we are doing with it - I think you'll like it.
Jeffrey Snover [MSFT]
Windows PowerShell/Aspen Architect
Visit the Windows PowerShell Team blog at: http://blogs.msdn.com/Power...
Visit the Windows PowerShell ScriptCenter at: http://www.microsoft.com/te...
PSMDTAG:FAQ: SSH - can I use it with WIndows PowerShell?
:
Jeffrey,
I am of the opinion, that Microsoft doesn't acknowledge the real world of multiple operating systems, or the value of interop with them. SSH/SCP/SFTP are insanely necessary for some of us. We go through great lengths to either avoid Windows because of the shell and no SSH interop, or great lengths(or cost) to implement SSH server on Windows.
It's not so great for MS to hide behind a standard that is hardly in use and provides no compatibility with everything we've built on other operating systems.
You've done a remarkable job with powershell v2. It's a great start and the xml processing alone is worth the installation. But the remoting is still awful.
I live in a world where firewalls are everywhere, SSH is the only protocol and port I need. I don't need SSL certificates that expire, I can do passwordless scripted auth and audit the keys.
I am really frustrated that with all the advances in Windows 2008/R2, Microsoft still doesn't off a native SSH server. I've been asking for this for 8 years now.
I can't see any benefit that WinRM offers over SSH, but I can see it the other way around. Add interop on top of that, and I can't ever consider WinRM as a replacement.
Please, Please talk to your customers. Talk to your ISPs. FTP and Telnet are insecure and many normal users have caught on to that. Why does IIS 7.5 still not support SFTP as a file transfer option? FTPS is not the same thing by a long shot.
It's all related. If Powershell had ssh/scp/sftp cmdlets, and IIS had SFTP/SCP support - many privacy minded companies and people would consider native solutions. Every other operating system comes with this.
Powershell has a ways to go... but the single most important feature missing is SSH integration.
Do some searchs for powershell sharp ssh and powershell ssh, and see what comes back.
Thanks for reading.
How do you think of my powershell remoting?
Tony
Asking for help:
I am trying to teach myself C programming. After buying two compilers I heard about Cygwin. I think I have it running. I get the prompt window and enter the program called cg.c in C:\cygwin\home\janice (after getting the added gcc added to my upload). I get a message that says the program should end with a newline. Also this 'ld' message as shown below.
cg.c:
#include
main()
{
printf ("2345\n");
}
janice@D97FQP91 ~
$ gcc cg.c
collect2: cannot find `ld'
could you please help me get over this "compile it" hurdle?
Thanks, SUPER THANKS,
Happy
A more natural way to do this on WinXP/Server is with WinSSHD (http://www.bitvise.com/wins..., which I was able to get working with Powershell in a matter of minutes.
It's not free, no, but at $40 for personal and $100 for business, it's not bad at all.
It's always buy, buy, buy. Why not free:
/n software's PowerShell Remoting product:
http://www.nsoftware.com/po...
How about the reverse? execute a ssh command from powershell and handle the output? Otherwise as and ESX server admin I am stuck writing on two plats
this doesn't seem to work that well. i tried running a script remotely and nothing. this configuration seems to work better:
here's a working link, http://www.gotmvc.net/2008/...
another way how to combine SSH and Powershell (without need to use Cygwin) is here: http://lo0m.blogspot.com/20...
I haven't had much success with this yet. I can execute commands like 'dir' but not any of the powershell 'get-*' commands. The latter give the message "access is denied". I can run powershell just fine interactively in either a cmd.exe or cygwin shell. Passwordless ssh also works fine otherwise. I'm using a Linux client, would that make a difference? I also tried:
powershell -command ""
This works in cmd.exe but not in cygwin. Any ideas what could be wrong?
What would be really useful is to put the above in a ssh command:
ssh administrator@win_server powershell -command ""
With passwordless login, this command could be part of a script that could, e.g., perform the same command on a large number of windows servers almost simultaneously. (Such things are routinely done for Linux servers.) Has anybody tried this?
Hi Jeff
I have the exact same problem, I've tried with linux SSH and Tectia for windows if I ssh interactively I can run powershell scripts fine. If I try and run them from command line it just waits, until I hit CTR+C then it runs the script.
Have you had any luck?
Thanks
Hi all !!
I did it !
If you try to run powershell scripts in cygwin command line you may expect a black screen if you have the following configuration :
- open the file c:\cygwin\cygwin.bat
- remove the "tty" from the line set "CYGWIN=binmode ntsec"
Then you should be able to execute powershell script in the local system but not yet with ssh.
Then to run Powershell scripts through SSH you have to open the ssh connection with the option "-f" :
> ssh -f my.server.com
or without interactive mode :
> ssh -f administrator@my.server.com "powershell mycommand.exe"
Hope it will help some of you !!
(I don't know how to pass the option -f to putty, so it doesn't work with putty)
I need some help,
I have setup my ssh-to-powershell environment on Windows, with my powershell .profile and registered my snapins.
I want to run PowerShell scripts from an SSH / PLINK remote session against a Windows Server hosting the SSH Server.
I have setup the following variable in my Powershell profile; eg. $domain = [ADSI] "LDAP://domain_name:389/dc=local,dc=com"
When I run this command on a SSH remote session; $domain.psbase.Get_children()
This is the result...
The following exception was thrown when trying to enumerate the collection: "An
operations error occurred.".
At C:\posh\getADRC.ps1:7 char:28
+ $domain.psbase.Get_children <<<< ()
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : ExceptionInGetEnumerator
I have also placed the two commands in a .PS1 file and executed it via PLINK; eg. PLINK.EXE my_session_name C:\Scripts\getADRC.PS1
This is the result...
The following exception was thrown when trying to enumerate the collection: "An
operations error occurred.".
At C:\Scripts\getADRC.PS1:7 char:28
+ $domain.psbase.Get_children <<<< ()
+ CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
+ FullyQualifiedErrorId : ExceptionInGetEnumerator
I would appreciate any help that I can get.
Also would appreciate it - if you could share any example scripts that you have written to run from a unix SSH session on to a Windows POSH session.
Thanks.
>or without interactive mode :
>> ssh -f administrator@my.server.com “powershell mycommand.exe”
>Hope it will help some of you !!
QuikJensen, thanks, it helped a lot.