List of Articles Icon

Knowledge Base

Guides and answers for your VPS, the client area, and billing

SSH and PowerShell remoting on your Windows VPS

What this is

RDP is the desktop; sometimes you want the terminal: quick edits over a slow link, scripted administration, scp-style file transfers, or pointing a terminal AI agent at the machine. Windows Server ships an OpenSSH server as an optional feature, two commands and your Windows VPS speaks the same SSH as everything else you run.

Install and start it

In an elevated PowerShell (over RDP):

Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service sshd -StartupType Automatic

Installing the capability normally creates the firewall rule for port 22, verify rather than assume: Get-NetFirewallRule -Name *ssh* (and add it if missing). Then from your own machine:

ssh [email protected]

with your Administrator password, you land in a Windows shell on the VPS. Two nice upgrades: make PowerShell the default SSH shell (instead of cmd):

New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force

(or the powershell.exe path for built-in 5.1), and scp/sftp now work against the VPS for file transfer, the same clients and habits as on Linux.

Key authentication, and the Windows gotcha

Keys work, and the generation story is identical, but Windows has one famous trap: for accounts in the Administrators group, OpenSSH does not read ~/.ssh/authorized_keys. Admin keys go in a shared file instead:

C:\ProgramData\ssh\administrators_authorized_keys

Append your public key there, and the file's permissions must be restricted to Administrators and SYSTEM (if you created it fresh, run: icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"). Half of all "key auth won't work on Windows" threads are this one paragraph.

Once keys work, the RDP hardening logic applies to SSH too: consider disabling password auth (PasswordAuthentication no in C:\ProgramData\ssh\sshd_config, then Restart-Service sshd), and IP-restrict the port 22 rule the same way as RDP's.

PowerShell remoting, the other door

Native Windows remote administration is WinRM (Enter-PSSession, Invoke-Command), powerful inside trusted networks, but its authentication over the open internet is fiddlier than SSH's. On a lone VPS, SSH (which modern PowerShell rides happily, Enter-PSSession -HostName vps -UserName Administrator works over it) is the simpler, better-understood door. Pick one, secure it well, and don't leave both wide open.

Still need help?

You can open a support ticket. So we can help on the first reply, it's worth mentioning:

  • the VPS hostname or IP,
  • what fails (install, connection, key auth) with the exact message,
  • whether password SSH works while key auth doesn't.
  • "How do I SSH into my Windows VPS?"
  • "How do I install OpenSSH Server on Windows Server?"
  • "Why doesn't my SSH key work for Administrator on Windows?"
  • "How do I make PowerShell the default SSH shell?"
  • "SSH or WinRM for managing a Windows VPS?"
Last reviewed: 2026-07-02