SSH tools for Windows

Safe Connection


The most elegant method of accessing remote files via SSH on Linux is undoubtedly the use of sshfs [9]. Sshfs is a FUSE (Filesystem in Userspace) module [10] that lets admins bind remote Linux machines to the local filesystem of the Linux client via SSH. The use of sshfs does not question the usefulness and functionality of Samba, but using Samba involves some installation and configuration overhead on the server and the client, whereas sshfs can be leveraged with little effort.

On the server, you need only a SFTP program, which is ensured by OpenSSH. To bind remote filesystems via SSH, you also need the small GPL'd SFTP tool Swish [11] on Windows. This open source tool is available from SourceForge [12], and the current version is 0.74 (see also the "WinSSH" box). Installing the executable binary needs no explanation; no launcher is needed because Swish simply appears as a new network drive called Swish.


Another very popular Windows SSH/SFTP client manufacturer is "WinSSH" [13] by commercial vendor SSH Communications Security, not to be confused with the commercial, Windows SSH server win sshd [14], which is free for private use. This program, which is available for downloading for universities and for non-commercial use [15], has two components, the "SSH Secure Shell Client for Windows" and "SSH File Transfer for Windows," but does not do more than the tools shown so far and is not exactly a spring chicken, as reflected in the old-fashioned look.

When you click, you first see an empty drive with two buttons, Add SFTP Connection and Launch key agent , at the top. Clicking on the former displays a dialog where you can specify the connection settings. You again need to enter the destination host, the desired username, and the directory path that is a relative root for the new connection. Also, the connection still needs a name under which to Create the configuration as a profile or network drive.

Additionally, with Swish, you may need to confirm the RSA key for the unknown host the first time you connect to it (Figure 9).

Figure 9: As a SSH front end, Swish also wants to add an RSA host key to its key management.

If you trust the fingerprint displayed, you can press I trust this key , enter your password and, depending on the chosen path, start work directly in the filesystem of the remote host as a normal network drive, that is, use drag and drop to copy data, or use Copy and Send to in the context menu (Figure 10).

Figure 10: Copying with Swish is achieved by drag and drop or with the context menu (Copy or Send to).

Key management is the front end for pagent; it displays the cached key or helps admins add new keys.

Port Forwarding

SSH can also secure any other protocol, such as FTP, with its port forwarding function. SSH port forwarding redirects the specified ports via a secure SSH connection, and SSH itself takes the role of a proxy. It accepts connections on one side of the tunnel and connects them at the other end with the specified server as the connection endpoint.

SSH tunnel has two operating modes: Local port forwarding and remote port forwarding (outbound/inbound tunnel), where typically local port forwarding is used. The parameters -L or -R indicate the direction. In local port forwarding, SSH routes an inbound port on a local client through a secure SSH channel to a port on the remote SSH server. The SSH syntax looks like this on a Linux client, for example:

ssh -L

The command redirects the insecure FTP connection via a secure SSH connection to the server with a default port of 21. If an SSH server is running on the server and the client, the ws1-fed client opens a secure SSH connection. The local SSH server then listens to all requests received on the local port 555 of ws1-fed, and forwards them to port 21 on the remote host,

Any further communication then takes place exclusively via the previously established SSH connection. The admin can now enter

ftp localhost 555

on the local host ws1-fed to start the FTP client in a second terminal session (basically opening a session to itself) to access the FTP server automatically at the other end. The difference now is that the channel is secure. The best thing about using the Cygwin-based tool, MobaXterm, is that you can point and click in the Tools | MobaSSHTunnel menu to put together the whole port forwarding configuration graphically.

Although FTP is not the best example, given the SFTP alternatives shown, this approach works with any other port or service as well. Regardless of whether the particular service is regarded to be inherently secure or insecure, admins will always benefit from the encrypted connection in SSH port forwarding.


In 14 years of its existence, SSH has not lost any of its usefulness, particularly for managing hosts or user interfaces. The word has spread, and Windows administrators can now turn to many graphical tools, such as PuTTY and MobaXterm, as clients.

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • SSH on Windows

    For Linux admins, SSH is one the most important tools of remote administration. SSH also works in Windows, with tools such as PuTTY or WinSSH, MobaXterm, WinSCP, or Swish.

  • MobaXterm: Unix for Windows

    MobaXterm, a portable X server for Windows, bundles built-in Unix/Posix tools into a single portable EXE file, letting you use a Linux command line and tools on the Windows desktop.

comments powered by Disqus