SSH and PowerShell remoting on your Windows VPS
What this is
RDP is the desktop; sometimes you want the terminal: quick edits over a slow link, scripted administration, scp-style file transfers, or pointing a terminal AI agent at the machine. Windows Server ships an OpenSSH server as an optional feature, two commands and your Windows VPS speaks the same SSH as everything else you run.
Install and start it
In an elevated PowerShell (over RDP):
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
Set-Service sshd -StartupType Automatic
Installing the capability normally creates the firewall rule for port 22, verify rather than assume: Get-NetFirewallRule -Name *ssh* (and add it if missing). Then from your own machine:
ssh [email protected]
with your Administrator password, you land in a Windows shell on the VPS. Two nice upgrades: make PowerShell the default SSH shell (instead of cmd):
New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" -Name DefaultShell -Value "C:\Program Files\PowerShell\7\pwsh.exe" -PropertyType String -Force
(or the powershell.exe path for built-in 5.1), and scp/sftp now work against the VPS for file transfer, the same clients and habits as on Linux.
Key authentication, and the Windows gotcha
Keys work, and the generation story is identical, but Windows has one famous trap: for accounts in the Administrators group, OpenSSH does not read ~/.ssh/authorized_keys. Admin keys go in a shared file instead:
C:\ProgramData\ssh\administrators_authorized_keys
Append your public key there, and the file's permissions must be restricted to Administrators and SYSTEM (if you created it fresh, run: icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"). Half of all "key auth won't work on Windows" threads are this one paragraph.
Once keys work, the RDP hardening logic applies to SSH too: consider disabling password auth (PasswordAuthentication no in C:\ProgramData\ssh\sshd_config, then Restart-Service sshd), and IP-restrict the port 22 rule the same way as RDP's.
PowerShell remoting, the other door
Native Windows remote administration is WinRM (Enter-PSSession, Invoke-Command), powerful inside trusted networks, but its authentication over the open internet is fiddlier than SSH's. On a lone VPS, SSH (which modern PowerShell rides happily, Enter-PSSession -HostName vps -UserName Administrator works over it) is the simpler, better-understood door. Pick one, secure it well, and don't leave both wide open.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the VPS hostname or IP,
- what fails (install, connection, key auth) with the exact message,
- whether password SSH works while key auth doesn't.
Related questions
- "How do I SSH into my Windows VPS?"
- "How do I install OpenSSH Server on Windows Server?"
- "Why doesn't my SSH key work for Administrator on Windows?"
- "How do I make PowerShell the default SSH shell?"
- "SSH or WinRM for managing a Windows VPS?"