Connect to Windows VMs using SSH


This document describes how to connect to Windows virtual machine (VM) instances using SSH. For other ways to connect to Windows VMs, see Connect to Windows VMs using RDP and Connect to Windows VMs using PowerShell. To learn about how SSH works in Compute Engine, see About SSH connections.

Before you begin

  • If you haven't already, then set up authentication. Authentication is the process by which your identity is verified for access to Google Cloud services and APIs. To run code or samples from a local development environment, you can authenticate to Compute Engine by selecting one of the following options:

    Console

    When you use the Google Cloud console to access Google Cloud services and APIs, you don't need to set up authentication.

    gcloud

    1. Install the Google Cloud CLI, then initialize it by running the following command:

      gcloud init
    2. Set a default region and zone.

Supported images

SSH for Windows is supported on Windows Server images running the guest agent (GCEGuestAgent) version 20220527.00 or later and OpenSSH version 8.6 or later.

Enable SSH for Windows VMs

To enable SSH connections to Windows VMs, install the google-compute-engine-ssh package and set the enable-windows-ssh key to TRUE in project or instance metadata. Enabling SSH for Windows in project metadata enables SSH for all Windows VMs in your project. Enabling SSH for Windows in instance metadata enables SSH for a single VM and overrides the value set in project metadata.

Enable SSH for Windows while creating a VM

Enable SSH for Windows while creating a VM using the Google Cloud console or the Google Cloud CLI.

Console

Create a VM from a public image that installs the google-compute-engine-ssh package and enables SSH on startup:

  1. Specify the following Boot disk properties:

    • Operating system: Windows Server
    • Version: Any version
  2. In the Advanced options section, expand the Management section.

  3. In the Metadata section, click Add item. Add a startup script that installs the google-compute-engine-ssh package by entering the following metadata key-value pair:

    • Key: sysprep-specialize-script-cmd
    • Value: googet -noconfirm=true install google-compute-engine-ssh
  4. In the Metadata section, click Add item. Set enable-windows-ssh to TRUE by entering the following metadata key-value pair:

    • Key: enable-windows-ssh
    • Value: TRUE
  5. Click Create to create and start the VM.

gcloud

Run the following gcloud compute instances create command to create a Windows Server VM that installs the google-compute-engine-ssh package and enables SSH on startup:

gcloud compute instances create VM_NAME \
    --image-family=IMAGE_FAMILY \
    --image-project=windows-cloud \
    --metadata sysprep-specialize-script-cmd="googet -noconfirm=true install google-compute-engine-ssh",enable-windows-ssh=TRUE

Replace the following:

  • VM_NAME: the name of the new VM.
  • IMAGE_FAMILY: a Windows Server image family. This creates the VM from the most recent non-deprecated Windows Server image.

Enable SSH for Windows on a running VM

To enable SSH on a running Windows VM, do one of the following, depending on whether you can use RDP to access your VM or whether your workload can tolerate a reboot:

  • RDP access required: Connect to the VM using RDP and install the SSH package
  • Reboot required: Use a startup script to install the SSH package

RDP

If you can access your VM using RDP, enable SSH by doing the following:

  1. Connect to the VM using RDP.

  2. Open an administrator Command Prompt session by doing the following:

    1. Open the Start menu.

    2. Navigate to Command Prompt.

    3. Right-click Command Prompt and select Run as administrator.

      If you are prompted to allow Command Prompt to make changes to your device, select Yes.

  3. Download and install the google-compute-engine-ssh package by running the following command:

    googet -noconfirm=true install google-compute-engine-windows && googet -noconfirm=true install google-compute-engine-ssh
    
  4. Close the RDP session.

  5. Enable Windows SSH in metadata by setting the enable-windows-ssh key to TRUE. For more information about setting metadata, see Set custom metadata.

Startup script

If you can't access your VM using RDP, enable SSH by doing the following:

  1. Stop the VM.

  2. Set the following metadata key-value pairs on the VM to enable SSH. For more information about setting metadata, see Set custom metadata.

    • SSH package installation metadata:

      • Key: windows-startup-script-cmd
      • Value: googet -noconfirm=true update && googet -noconfirm=true install google-compute-engine-ssh
    • SSH enablement metadata:

      • Key: enable-windows-ssh
      • Value: TRUE
  3. Start the VM. The VM might take a few minutes to reboot.
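
To review which VMs end up with SSH enabled once project and instance metadata are combined as described under Enable SSH for Windows VMs, the following added example (not part of the original page or Google's tooling) resolves the effective enable-windows-ssh value per VM and flags whether a script installs the SSH package. The function names and sample VM names are hypothetical, the input dicts are constructed samples in the shape of the Compute Engine API's metadata objects, and treating any casing of "true" as enabled is an assumption.

```python
# Added example, not Google's code: resolve the effective enable-windows-ssh
# state per VM. Inputs are constructed samples shaped like the JSON from
# `gcloud compute project-info describe` and `gcloud compute instances describe`.
KEY = "enable-windows-ssh"
INSTALL_KEYS = ("sysprep-specialize-script-cmd", "windows-startup-script-cmd")
PACKAGE = "google-compute-engine-ssh"


def items_to_dict(metadata):
    """Flatten a metadata object of the form {"items": [{"key": .., "value": ..}]}."""
    return {i["key"]: i.get("value", "") for i in (metadata or {}).get("items", [])}


def is_true(value):
    # Assumption: any casing of "true" counts as enabled; the page documents TRUE.
    return value is not None and value.strip().lower() == "true"


def audit(project, instances):
    """Return one finding per VM: effective SSH state, its source, install script."""
    project_md = items_to_dict(project.get("commonInstanceMetadata"))
    findings = []
    for inst in instances:
        inst_md = items_to_dict(inst.get("metadata"))
        # Instance metadata overrides project metadata for the same key.
        merged = {**project_md, **inst_md}
        source = ("instance" if KEY in inst_md
                  else "project" if KEY in project_md else "unset")
        installs = any(PACKAGE in merged.get(k, "") for k in INSTALL_KEYS)
        findings.append({"name": inst["name"], "ssh_enabled": is_true(merged.get(KEY)),
                         "source": source, "install_script": installs})
    return findings


# Constructed sample data: SSH enabled project-wide, one VM opting out.
SAMPLE_PROJECT = {"commonInstanceMetadata": {"items": [{"key": KEY, "value": "TRUE"}]}}
SAMPLE_INSTANCES = [
    {"name": "win-app-1", "metadata": {"items": []}},
    {"name": "win-db-1", "metadata": {"items": [{"key": KEY, "value": "FALSE"}]}},
    {"name": "win-jump-1", "metadata": {"items": [
        {"key": KEY, "value": "TRUE"},
        {"key": "windows-startup-script-cmd",
         "value": "googet -noconfirm=true install google-compute-engine-ssh"}]}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROJECT, SAMPLE_INSTANCES):
        print(finding)
```

A VM reported with source "project" has SSH enabled only because of the project-wide setting, which is the case to review when the intent was to enable it for a single VM.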

Connect to VMs using SSH

Connect to VMs using the gcloud compute ssh command:

gcloud compute ssh VM_NAME

Replace VM_NAME with the name of the Windows VM that you want to connect to.

Connect to VMs that use AD

If the VM you're connecting to uses Active Directory (AD), connect using the following command. The argument is quoted so that the shell passes the backslash through unchanged:

gcloud compute ssh "DOMAIN\USERNAME@VM_NAME"

Replace the following:

  • DOMAIN: your AD domain. For example, the domain of the ad.example.com AD is example.
  • USERNAME: your AD username. For example, cloudysanfrancisco.
  • VM_NAME: the name of the Windows VM that you want to connect to.

What's next?