Windows Networking Protocols

Comprehensive documentation for network protocols on Windows.

SSH Client Protocols in Windows

This section details the Secure Shell (SSH) client protocols available and configurable within the Windows operating system. SSH provides a secure way to access and manage remote systems over an unsecured network, offering encryption and authentication.

Introduction to SSH Clients

An SSH client is a program that initiates a connection to an SSH server. Windows has evolved to include built-in SSH client capabilities, as well as support for third-party solutions. Understanding these protocols is crucial for secure remote administration, file transfers (SFTP/SCP), and tunneling.

Built-in Windows SSH Client

Modern versions of Windows (Windows 10 and Windows Server 2019 and later) include a native OpenSSH client. This client can be accessed via the Command Prompt or PowerShell.

Enabling the OpenSSH Client Feature

The OpenSSH client is an optional feature and may need to be installed:

  • Via Settings: Go to Settings > Apps > Optional features > Add a feature, and select "OpenSSH Client".
  • Via PowerShell (Administrator):
    Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

Using the Built-in Client

Once installed, you can connect to an SSH server using the ssh command:

ssh username@remote_host -p port_number

For example:

ssh admin@192.168.1.100 -p 2222

SSH Protocol Versions Supported

The Windows OpenSSH client typically supports the following SSH protocol versions:

  • SSHv2: This is the current standard, providing enhanced security features and performance over SSHv1. The Windows client primarily uses and recommends SSHv2.

SSHv1 is considered insecure and is generally not supported or recommended.

Key SSH Client Features and Configurations

The Windows SSH client offers several configurable options for authentication and session management:

  • Authentication Methods:
    • Password authentication
    • Public key authentication (highly recommended for security)
    • Keyboard-interactive (often used for multi-factor authentication prompts)
  • Key Management: Use ssh-keygen to generate and manage SSH key pairs. The default location for private keys is %USERPROFILE%\.ssh\id_rsa (or similar).
  • Configuration File: The client can be configured using the %USERPROFILE%\.ssh\config file for per-host settings, aliases, and default options.

Example config file entry:

Host myserver
    HostName server.example.com
    User myuser
    Port 2200
    IdentityFile ~/.ssh/myserver_key

Secure File Transfer Protocols (SFTP and SCP)

As part of the SSH suite, Windows provides clients for secure file transfers:

  • SFTP (SSH File Transfer Protocol): A more modern and robust file transfer protocol that runs over SSH. It supports resuming transfers, directory listings, and more. The sftp command is available.
  • SCP (Secure Copy Protocol): An older protocol for file transfer over SSH. The scp command is also available.

Both can be used from the command line:

# SFTP example
sftp username@remote_host

# SCP example (copying a local file to a remote server)
scp C:\path\to\local\file.txt username@remote_host:/path/on/remote/

Security Best Practices

Always prioritize public key authentication over password authentication for enhanced security. Keep your SSH client and server software up to date to mitigate known vulnerabilities.
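The following PowerShell script is an added example, not part of the original documentation: it parses the per-host entries of a client config file like the one shown earlier and reports Host blocks that set no IdentityFile or leave password authentication enabled. The helper name Get-SshHostBlock and the legacy-box and bastion entries are constructed for illustration. The parser reads Host blocks only and does not merge Host * defaults, Match blocks, or Include files.

```powershell
# Added example: audit Host blocks in an OpenSSH client config (ssh_config syntax).
# $configText is constructed sample data; to audit a real file use:
#   $configText = Get-Content -Raw "$env:USERPROFILE\.ssh\config"
$configText = @'
Host myserver
    HostName server.example.com
    User myuser
    Port 2200
    IdentityFile ~/.ssh/myserver_key

Host legacy-box
    HostName legacy.example.com
    PasswordAuthentication yes

Host bastion
    HostName bastion.example.com
    IdentityFile ~/.ssh/bastion_key
    PasswordAuthentication=no
'@

function Get-SshHostBlock {            # hypothetical helper name
    param([string]$Text)
    $blocks = [System.Collections.Generic.List[object]]::new()
    $current = $null
    foreach ($raw in $Text -split "`r?`n") {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }
        # "Keyword value" and "Keyword=value" are both valid; keywords are case-insensitive
        if ($line -match '^(\S+?)(?:\s*=\s*|\s+)(.+)$') {
            $key = $Matches[1].ToLowerInvariant()
            $value = $Matches[2].Trim('"')
            if ($key -eq 'host') {
                $current = [ordered]@{ host = $value }
                $blocks.Add($current)
            } elseif ($key -eq 'match') {
                $current = $null       # Match blocks are out of scope here
            } elseif ($null -ne $current -and -not $current.Contains($key)) {
                $current[$key] = $value   # first value obtained wins
            }
        }
    }
    $blocks
}

foreach ($b in Get-SshHostBlock -Text $configText) {
    $findings = @()
    if (-not $b.Contains('identityfile')) { $findings += 'no IdentityFile set' }
    if ($b['passwordauthentication'] -ne 'no') { $findings += 'PasswordAuthentication not disabled' }
    [pscustomobject]@{ Host = $b['host']; Findings = $findings -join '; ' }
}
```

Running ssh -G followed by a host alias prints the options the client will actually use for that host after all matching blocks are merged, which is the authoritative check for any entry this script flags.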

Third-Party SSH Clients

While the native OpenSSH client is powerful, many users and organizations also utilize third-party SSH clients such as:

  • PuTTY
  • MobaXterm
  • Solar-PuTTY
  • Windows Terminal (which can host the native OpenSSH client)

These clients often offer more advanced graphical interfaces, session management features, and integrated tools.