This document describes how to connect to Windows virtual machine (VM) instances using SSH. For other ways to connect to Windows VMs, see Connect to Windows VMs using RDP and Connect to Windows VMs using PowerShell. To learn about how SSH works in Compute Engine, see About SSH connections.
Before you begin
- If you want to use the command-line examples in this guide, do the following:
- Install or update to the latest version of the Google Cloud CLI.
- Set a default region and zone.
SSH for Windows is supported on
Windows Server images running
the guest agent (
20220527.00 or later.
Enable SSH for Windows VMs
To enable SSH connections to Windows VMs, install the
google-compute-engine-ssh package and set the
enable-windows-ssh key to
TRUE in project or instance metadata. Enabling SSH for Windows in project
metadata enables SSH for all Windows VMs in your project. Enabling SSH for
Windows in instance metadata enables SSH for a single VM and overrides the value
set in project metadata.
Enable SSH for Windows while creating a VM
Enable SSH for Windows while creating a VM using the Google Cloud console or the Google Cloud CLI.
Create a VM from a public image
that installs the
google-compute-engine-ssh package and enables SSH on
Specify the following Boot disk properties:
- Operating system: Windows Server
- Version: Any version
In the Networking, disks, security, management, sole tenancy section, expand the Management section.
In the Metadata section, click Add item. Add a startup script that installs the
google-compute-engine-sshpackage by entering the following metadata key-value pair:
googet -noconfirm=true install google-compute-engine-ssh
In the Metadata section, click Add item. Set
TRUEby entering the following metadata key-value pair:
Click Create to create and start the VM.
Run the following
gcloud compute instances create command
to create a Windows Server VM that installs the
package and enables SSH on startup:
gcloud compute instances create VM_NAME \ --image-family=IMAGE_FAMILY \ --image-project=windows-cloud \ --metadata sysprep-specialize-script-cmd="googet -noconfirm=true install google-compute-engine-ssh",enable-windows-ssh=TRUE
Replace the following:
VM_NAME: the name of the new VM.
IMAGE_FAMILY: a Windows Server image family. This creates the VM from the most recent non-deprecated Windows Server image.
Enable SSH for Windows on a running VM
To enable SSH on a running Windows VM, do one of the following, depending on whether you can use RDP to access your VM or if your workload can tolerate a reboot:
- RDP access required: Connect to the VM using RDP and install the SSH package
Reboot required: Use a startup script to install the SSH package
If you can access your VM using RDP, enable SSH by doing the following:
Open an administrator Command Prompt session by doing the following:
Open the Start menu.
Navigate to Command Prompt.
Right-click Command Prompt and select Run as administrator.
If you are prompted to allow Command Prompt to make changes to your device, select Yes.
Download and install the
google-compute-engine-sshpackage by running the following command:
googet -noconfirm=true update google-compute-engine-windows && googet -noconfirm=true install google-compute-engine-ssh
Close the RDP session.
Enable Windows SSH in metadata by setting the
TRUE. For more information about setting metadata, see Set custom metadata.
If you can't access your VM using RDP, enable SSH by doing the following:
Set the following metadata key-value pairs on the VM to enable SSH. For more information about setting metadata, see Set custom metadata.
SSH package installation metadata:
googet -noconfirm=true update && googet -noconfirm=true install google-compute-engine-ssh
SSH enablement metadata:
Start the VM. The VM might take a few minutes to reboot.
Connect to VMs using SSH
Connect to VMs using the
gcloud compute ssh command:
gcloud compute ssh VM_NAME
VM_NAME with the name of the Windows VM that
you want to connect to.
Connect to VMs that use AD
If the VM you're connecting to uses Active Directory (AD), connect using the following command:
gcloud compute ssh DOMAIN\USERNAME@VM_NAME
Replace the following:
DOMAIN: your AD domain. For example the domain of the
USERNAME: your AD username. For example,
VM_NAME: the name of the Windows VM that you want to connect to.
- Learn how to troubleshoot SSH connections.
- Learn how to Add SSH keys to VMs
- Learn how to Restrict SSH keys from VMs.