Connect to Windows VMs using SSH

Windows

Preview

This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of theService Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see thelaunch stage descriptions.

This document describes how to connect to Windows virtual machine (VM)instances using SSH. For other ways to connect to Windows VMs, seeConnect to Windows VMs using RDPandConnect to Windows VMs using PowerShell.To learn about how SSH works in Compute Engine, seeAbout SSH connections.

Note: When a user connects to a VM, that user can use all of the IAM permissions granted to the service account attached to the VM.

Before you begin

Supported images

SSH for Windows is supported onWindows Server images runningthe guest agent (GCEGuestAgent) version20220527.00 or later and OpenSSHversion8.6 or later.

Enable SSH for Windows VMs

To enable SSH connections to Windows VMs, install thegoogle-compute-engine-ssh package and set theenable-windows-ssh key toTRUE in project or instance metadata. Enabling SSH for Windows in projectmetadata enables SSH for all Windows VMs in your project. Enabling SSH forWindows in instance metadata enables SSH for a single VM and overrides the valueset in project metadata.

Note: If you enable SSH for Windows on a VM running as an Active Directory (AD)controller or in a project that contains an AD controller, the AD controllerVM's Guest agent provisions AD users based on SSH keys added to project andinstance metadata. You can prevent unintended AD user provisioning bydisabling the account manageron the AD controller VM.

Enable SSH for Windows while creating a VM

Enable SSH for Windows while creating a VM using the Google Cloud console or theGoogle Cloud CLI.

Console

Create a VM from a public imagethat installs thegoogle-compute-engine-ssh package and enables SSH onstartup:

  1. Specify the followingBoot disk properties:

    • Operating system: Windows Server
    • Version: Any version

  2. In theAdvanced options section, expand theManagement section.

  3. In theMetadata section, clickAdd item. Add a startup scriptthat installs thegoogle-compute-engine-ssh package by entering thefollowing metadata key-value pair:

    • Key:sysprep-specialize-script-cmd
    • Value:googet -noconfirm=true install google-compute-engine-ssh

  4. In theMetadata section, clickAdd item. Setenable-windows-sshtoTRUE by entering the following metadata key-value pair:

    • Key:enable-windows-ssh
    • Value:TRUE

  5. ClickCreate to create and start the VM.

gcloud

Run the followinggcloud compute instances create commandto create a Windows Server VM that installs thegoogle-compute-engine-sshpackage and enables SSH on startup:

gcloud compute instances createVM_NAME \    --image-family=IMAGE_FAMILY \    --image-project=windows-cloud \    --metadata sysprep-specialize-script-cmd="googet -noconfirm=true install google-compute-engine-ssh",enable-windows-ssh=TRUE

Replace the following:

  • VM_NAME: the name of the new VM.
  • IMAGE_FAMILY: aWindows Server image family.This creates the VM from the most recent non-deprecated Windows Serverimage.

Enable SSH for Windows on a running VM

To enable SSH on a running Windows VM, do one of the following, depending onwhether you can use RDP to access your VM or if your workload can tolerate areboot:

  • RDP access required: Connect to the VM using RDP and install the SSHpackage

  • Reboot required: Use a startup script to install the SSH package

RDP

If you can access your VM using RDP, enable SSH by doing the following:

  1. Connect to the VM using RDP.

  2. Open an administrator Command Prompt session by doing the following:

    1. Open theStart menu.

    2. Navigate toCommand Prompt.

    3. Right-clickCommand Prompt and selectRun as administrator.

      If you are prompted to allow Command Prompt to make changes to your device,selectYes.

  3. Download and install thegoogle-compute-engine-ssh package by running thefollowing command:

    googet -noconfirm=true install google-compute-engine-windows && googet -noconfirm=true install google-compute-engine-ssh

  4. Close the RDP session.

  5. Enable Windows SSH in metadata by setting theenable-windows-ssh key toTRUE. For more information about setting metadata, seeSet custom metadata.

Startup script

If you can't access your VM using RDP, enable SSH by doing the following:

  1. Stop the VM.

  2. Set the following metadata key-value pairs on the VM to enable SSH. Formore information about setting metadata, seeSet custom metadata.

    • SSH package installation metadata:

      • Key:windows-startup-script-cmd
      • Value:googet -noconfirm=true update && googet -noconfirm=true install google-compute-engine-ssh

    • SSH enablement metadata:

      • Key:enable-windows-ssh
      • Value:TRUE

  3. Start the VM.The VM might take a few minutes to reboot.

Connect to VMs using SSH

Connect to VMs using thegcloud compute ssh command:

gcloud compute sshVM_NAME

ReplaceVM_NAME with the name of the Windows VM thatyou want to connect to.

Connect to VMs that use AD

If the VM you're connecting to uses Active Directory (AD), connect using thefollowing command:

gcloud compute sshDOMAIN\USERNAME@VM_NAME

Replace the following:

  • DOMAIN: your AD domain. For example the domain of thead.example.com AD, isexample.
  • USERNAME: your AD username. For example,cloudysanfrancisco.
  • VM_NAME: the name of the Windows VM that you want toconnect to.

What's next?

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.