Comparison of SSH clients

Last updated

An SSH client is a software program which uses the secure shell protocol to connect to a remote computer. This article compares a selection of notable clients.

Contents

General

NameDeveloperInitial releasePlatformLatest release License GUI TUI/CLI
VersionDate
AbsoluteTelnet Celestial Software (Brian Pence)1996Windows11.24 [1]   OOjs UI icon edit-ltr-progressive.svg 2020-08-13 Proprietary Check-green.svgDark Red x.svg
Bitvise SSH ClientBitvise Limited2001Windows9.32 [2] [3]   OOjs UI icon edit-ltr-progressive.svg 2023-12-20 Proprietary Check-green.svgCheck-green.svg
ConnectBot Kenny Root
Jeffrey Sharkey		2007-11 [a] Android1.9.10 [4]   OOjs UI icon edit-ltr-progressive.svg 2023-12-21 Apache-2.0  ? ?
Dropbear Matt Johnston2003-04-06AIX2024.86 [5]   OOjs UI icon edit-ltr-progressive.svg 2024-10-22 MIT Dark Red x.svgCheck-green.svg
BSD
Cygwin
Linux
HP-UX
iOS
Maemo
macOS
Solaris
OpenSSH [b] The OpenBSD project1999-12-01 [c] AIX9.9 [6]   OOjs UI icon edit-ltr-progressive.svg 2024-09-19 BSD Dark Red x.svgCheck-green.svg
Android
BSD
Cygwin
Linux
HP-UX
iOS
Maemo
OpenVMS
macOS
Solaris
Windows
z/OS
PuTTY Simon Tatham 1999-01-22BSD0.82 [7]   OOjs UI icon edit-ltr-progressive.svg 2024-11-27 MIT Check-green.svgCheck-green.svg
Linux
macOS
Solaris
Windows
SecureCRT VanDyke Software1998–06Linux9.3.1 [8]   OOjs UI icon edit-ltr-progressive.svg 2022-12-06 Proprietary Check-green.svgDark Red x.svg
macOS9.3.1 [8]   OOjs UI icon edit-ltr-progressive.svg 2022-12-06
iOS2.4.3 [9]   OOjs UI icon edit-ltr-progressive.svg 2021-12-13
Windows9.3.1 [8]   OOjs UI icon edit-ltr-progressive.svg 2022-12-06
Tera Term TeraTerm Project2004 [d] Windows5.3 [10]   OOjs UI icon edit-ltr-progressive.svg 2024-09-08 BSD-3-Clause Check-green.svgDark Red x.svg
TN3270 Plus SDI USA, Inc.2006Windows4.0.7 [11]   OOjs UI icon edit-ltr-progressive.svg 2019-02 Proprietary Check-green.svgDark Red x.svg
WinSCP Martin Přikryl2000Windows6.3.32024-04-16GNU GPLCheck-green.svg ?
wolfSSH wolfSSL 2016-07-20 [e] BSD1.4.19 [12]   OOjs UI icon edit-ltr-progressive.svg 2024-11-01 GPL-3.0-or-later [f] Dark Red x.svgCheck-green.svg
Cygwin
Linux
macOS
Solaris
Windows
ZOC Terminal EmTec, Innovative Software1995-07-01macOS8.10.0 [13]   OOjs UI icon edit-ltr-progressive.svg 2025-01-23 Proprietary Check-green.svgCheck-green.svg
OS/24.15 [14]   OOjs UI icon edit-ltr-progressive.svg 2004-08-25
Windows8.10.0 [13]   OOjs UI icon edit-ltr-progressive.svg 2025-01-23
  1. Based on Trilead SSH-2 for Java.
  2. Also known as OpenBSD Secure Shell.
  3. Based on OSSH.
  4. Based on Tera Term Pro 2.3 (1994–1998).
  5. Based on wolfCrypt.
  6. Also available under a proprietary license.

Platform

The operating systems or virtual machines the SSH clients are designed to run on without emulation include several possibilities:

The list is not exhaustive, but rather reflects the most common platforms today.

Name macOS Windows Cygwin BSD Linux Solaris OpenVMS z/OS AIX HP-UX iOS Android Maemo Windows Phone
AbsoluteTelnet NoYesNoNoNoNoNoNoNoNoNoNoNo ?
Bitvise SSH ClientNoYesNoNoNoNoNoNoNoNoNoNoNoNo
ConnectBot NoNoNoNoNoNoNoNoNoNoNoYesNoNo
Dropbear YesNoYesYesYesYes ? ?YesYesYes [a] NoYes ?
lsh YesNoNoPartial [b] YesYes ? ?NoNoNoNoNo ?
OpenSSH [c] IncludedIncluded [d] IncludedIncludedIncluded [e] YesYesYesYesYesYes [a] YesYes ?
PuTTY PartialYes ?YesYesYes ? ?NoNoNoNoNo Beta
SecureCRT YesYesNoNoYesNoNoNoNoNoYesNoNo ?
SmartFTP NoYesNoNoNoNoNoNoNoNoNoNoNo ?
Tera Term NoYesNoNoNoNoNoNoNoNoNoNoNo ?
TN3270 Plus NoYesNoNoNoNoNoNoNoNoNoNoNo ?
WinSCP NoYesNoNoNoNoNoNoNoNoYes [a] NoNo ?
wolfSSH YesYesYesYesYesYesNoNoNoNoNoNoNoNo
ZOC Terminal YesYesNoNoNoNoNoNoNoNoNoNoNo ?
Name macOS Windows Cygwin BSD Linux Solaris OpenVMS z/OS AIX HP-UX iOS Android Maemo Windows Phone
  1. 1 2 3 Only for jailbroken devices.
  2. lsh supports only one BSD platform officially, FreeBSD.
  3. Also known as OpenBSD Secure Shell.
  4. Included and enabled by default since windows 10 version 1803. Win32-OpenSSH can be installed as an optional component in the Windows versions before Windows 10 version 1803 to Windows 10 version 1709. Portable version can be download from Win32-OpenSSH for other versions.
  5. The majority of Linux distributions have OpenSSH as an official package, but a few do not.

Technical

NameSSH1
(insecure)		SSH2Additional protocols Port forwarding and Tunneling Session
multiplexing
[a] 		Kerberos IPv6 Terminal SFTP/SCP Proxy client [b]
TELNET rlogin Port
forwarding 		SOCKS
[c] 		VPN
[d]
AbsoluteTelnet yesYesYesNoYesYesNoYesYesYesYesYesSOCKS 4, 5; HTTP
Bitvise SSH ClientnoYesNoNoYesYesYesYesYesYesYesYesSOCKS 4, 5
Dropbear noYesNoNoYesNoNoNoNoYesYesYes ?
lsh noYesYesNoYesYesNoYesNoYesYesYes ?
OpenSSH [e] no [f] YesNoNoYesYesYesYesYesYesYesYesProxyCommand
PuTTY yesYesYesYesYesYesNoYesYes [g] YesYesYes [h] SOCKS 4, 5; HTTP; Telnet; Local
SecureCRT yesYesYesYesYesYesNoYesYesYesYesYesSOCKS 4, 5; HTTP; Telnet; Generic
SmartFTP noYesYesNoNoNoNoNoYesYesYesYesSOCKS 4, 5; HTTP
Tera Term yesYesYesNoYesNoNoNoNoYesYesSCPSOCKS 4, 5; HTTP; Telnet
TN3270 Plus yesYesYesNoNoYesNoYesNoYesYesNoSOCKS 4
WinSCP [i] no [j] YesNoNolimited [k] NoNoNoYesYessimpleYesSOCKS 4, 5; HTTP; Telnet; Local
wolfSSH noYesNoNoYesNoNoNoNoYessimpleYesNo
ZOC Terminal yesYesYesYesYesYesNoNoYesYesYesYes [l] [m] SOCKS 4; 5; HTTP; Jumpserver
NameSSH1
(insecure)		SSH2Additional protocols Tunneling Session
multiplexing
[a] 		Kerberos IPv6 Terminal SFTP/SCP Proxy client [b]
TELNET rlogin Port
forwarding 		SOCKS
[c] 		VPN
[d]
  1. 1 2 Accelerating OpenSSH connections with ControlMaster.
  2. 1 2 Can the SSH client connect itself through a proxy? This is distinct from offering a SOCKS proxy or port forwarding.
  3. 1 2 The ability for the SSH client to perform dynamic port forwarding by acting as a local SOCKS proxy.
  4. 1 2 The ability for the SSH client to establish a VPN, e.g. using TUN/TAP.
  5. Also known as OpenBSD Secure Shell.
  6. OpenSSH deleted SSH protocol version 1 support in version 7.6 (2017-10-03)
  7. The version 0.63 supports GSSAPI. Successfully tested on Win 8 using Active Directory
  8. The PuTTY developers provide SCP and SFTP functionality as binaries for separate download.
  9. WinSCP bundles a number of software components including PuTTY. .
  10. WinSCP Version history.
  11. WinSCP connection tunneling.
  12. SCP and SFTP through terminal.
  13. SCP and SFTP according to ZOC features page.

Features

NameKeyboard mapping Session tabs ZMODEM transfersFind text in bufferMouse input support [a] Unicode supportURL hyperlinking Public key authentication Smart card supportHardware encryption FIPS 140-2 validationScriptingShared DatabaseAuto-reconnectCA Certificates
AbsoluteTelnet fullYesYesYesYesYesYesYesYes ?YesYes ? ? ?
Bitvise SSH Client ?NoNoNoYesYesNoYesNo ?PartialYesNoYesNo
OpenSSH [b]  ?NoNo ?Yes [c] Yesnot native [d] YesYesYesPartial [e] NoNo ?Yes [f]
PuTTY NoNo [g] NoNoYesYesNo [h] YesNoYesNoNoNoNoNo [i]
SecureCRT YesYesYesYesYesYesYesYesYesNoYesYesNo ? ?
SmartFTP PartialYesNoYesYesYesYesYesYes AES-NI YesNo ? ? ?
Tera Term YesYesYesNoYesYesYesYesNoNoNoYesNo ? ?
TN3270 Plus YesYesNoNoNoNoYesYesNoNoNoYes ? ? ?
wolfSSH NoNoNoNoNoYesNoYesNoYesYesNoNoNoYes
ZOC Terminal fullYesYesYesYesYesYesYesYesNoNoYes ? ? ?
  1. The ability to transmit mouse input to text mode applications such as Midnight Commander
  2. Also known as OpenBSD Secure Shell.
  3. Only when the terminal itself supports mouse input. Most graphical ones do, e.g. xterm.
  4. No native URL highlighting; however most graphical consoles support URL highlighting.
  5. Validated when running OpenSSH 2.1 on Red Hat Enterprise Linux 6.2 in FIPS mode or when running OpenSSH 1.1 on Red Hat Enterprise Linux 5 in FIPS mode
  6. OpenSSH supports the minimal certificate format since v5.4. "OpenSSH Release Notes: 5.4". OpenBSD Project. 2010-03-08. Retrieved 2021-08-30.
  7. PuTTY does not support tabs directly, but many wrappers are available that do.
  8. Putty v71.0 does not support OpenSSH certificates. See Ben Harris' 2016-04-21 wish. [15] [16]

Authentication key algorithms

This table lists standard authentication key algorithms implemented by SSH clients. Some SSH implementations include both server and client implementations and support custom non-standard authentication algorithms not listed in this table.

Namessh-dss [a] ssh-rsa RSA with SHA-2 ECDSA with SHA-2 EdDSA Security keys
rsa-sha2-256rsa-sha2-512ecdsa-sha2-nistp256ecdsa-sha2-nistp384ecdsa-sha2-nistp521ssh-ed25519ssh-ed448sk-ecdsa-sha2-nistp256sk-ssh-ed25519
AbsoluteTelnet YesYesYesYesYesYesYesYesNoNoNo
Bitvise SSH Client ? ? ? ? ? ? ? ? ?
Dropbear YesYesYesNoYesYesYesYes ?
lsh  ? ? ? ? ? ? ? ? ?
OpenSSH [b] Yes [c] YesYesYesYesYesYesYesNoYesYes
PuTTY YesYesYesYesYesYesYesYesYesNo [d] No [d]
SecureCRT YesYesYesYesYesYesYesYes ?
SmartFTP YesYesYesYesYesYesYesYesNoNoNo
Tera Term  ? ? ? ? ? ? ? ? ?
TN3270 Plus  ? ? ? ? ? ? ? ? ?
WinSCP NoYesYesYesYesYesYes ? ?
wolfSSH NoYesYesYesYesYesYesNoNoNoNo
ZOC Terminal [e] YesYesYesYesYesYesYesYesNo
Namessh-dssssh-rsarsa-sha2-256rsa-sha2-512ecdsa-sha2-nistp256ecdsa-sha2-nistp384ecdsa-sha2-nistp521ssh-ed25519ssh-ed448sk-ecdsa-sha2-nistp256sk-ssh-ed25519
RSA with SHA-2 ECDSA with SHA-2 EdDSA Security keys
  1. ssh-dss is based on Digital Signature Algorithm which is sensitive to entropy, secrecy, and uniqueness of its random signature value.
  2. Also known as OpenBSD Secure Shell.
  3. By default, disabled at run-time since OpenSSH 7.0 released in 2015.
  4. 1 2 PuTTY does not support security keys / FIDO tokens, but is supported in PuTTY-CAC
  5. ZOC' SSH is based on OpenSSH and supports the same encryptions.

See also

Related Research Articles

The Secure Shell Protocol is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

Telnet is a client/server application protocol that provides access to virtual terminals of remote systems on local area networks or the Internet. It is a protocol for bidirectional 8-bit communications. Its main goal was to connect terminal devices and terminal-oriented processes.

rsync File synchronization protocol and software

rsync is a utility for transferring and synchronizing files between a computer and a storage drive and across networked computers by comparing the modification times and sizes of files. It is commonly found on Unix-like operating systems and is under the GPL-3.0-or-later license.

In computing, the SSH File Transfer Protocol, also known as Secure File Transfer Protocol (SFTP), is a network protocol that provides file access, file transfer, and file management over any reliable data stream. It was designed by the Internet Engineering Task Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure file transfer capabilities, and is seen as a replacement of File Transfer Protocol (FTP) due to superior security. The IETF Internet Draft states that, even though this protocol is described in the context of the SSH-2 protocol, it could be used in a number of different applications, such as secure file transfer over Transport Layer Security (TLS) and transfer of management information in VPN applications.

cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL".

Secure copy protocol (SCP) is a means of securely transferring computer files between a local host and a remote host or between two remote hosts. It is based on the Secure Shell (SSH) protocol. "SCP" commonly refers to both the Secure Copy Protocol and the program itself.

<span class="mw-page-title-main">PuTTY</span> Free and open-source terminal emulator, serial console and network file transfer application

PuTTY is a free and open-source terminal emulator, serial console and network file transfer application. It supports several network protocols, including SCP, SSH, Telnet, rlogin, and raw socket connection. It can also connect to a serial port. The name "PuTTY" has no official meaning.

<span class="mw-page-title-main">Far Manager</span> File and archive manager for Microsoft Windows

Far Manager is an orthodox file manager for Microsoft Windows and is a clone of Norton Commander. Far Manager uses the Win32 console and has a keyboard-oriented user interface.

sftp is a command-line interface client program to transfer files using the SSH File Transfer Protocol (SFTP), which runs inside the encrypted Secure Shell connection.

<span class="mw-page-title-main">WinSCP</span> File transfer software for Windows

WinSCP is a file manager, SSH File Transfer Protocol (SFTP), File Transfer Protocol (FTP), WebDAV, Amazon S3, and secure copy protocol (SCP) client for Microsoft Windows. The WinSCP project has released its source code on GitHub under an open source license, while the program itself is distributed as proprietary freeware.

<span class="mw-page-title-main">Xming</span> X11 display server for Windows

Xming is an X11 display server for Microsoft Windows operating systems, including Windows XP and later.

Secure Shell (SSH) is a protocol allowing secure remote login to a computer on a network using public-key cryptography. SSH client programs typically run for the duration of a remote login session and are configured to look for the user's private key in a file in the user's home directory. For added security, it is common to store the private key in an encrypted form, where the encryption key is computed from a passphrase that the user has memorized. Because typing the passphrase can be tedious, many users would prefer to enter it just once per local login session. The most secure place to store the unencrypted key is in program memory, and in Unix-like operating systems, memory is normally associated with a process. A normal SSH client process cannot be used to store the unencrypted key because SSH client processes only last the duration of a remote login session. Therefore, users run a program called ssh-agent that runs beyond the duration of a local login session, stores unencrypted keys in memory, and communicates with SSH clients using a Unix domain socket.

<span class="mw-page-title-main">SSHFS</span>

SSHFS is a filesystem client to mount and interact with directories and files located on a remote server or workstation over a normal ssh connection. The client interacts with the remote file system via the SSH File Transfer Protocol (SFTP), a network protocol providing file access, file transfer, and file management functionality over any reliable data stream that was designed as an extension of the Secure Shell protocol (SSH) version 2.0.

Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems. It is a core component of OpenWrt and other router distributions.

<span class="mw-page-title-main">ZOC (software)</span>

ZOC is a popular computer-based terminal emulator and Telnet software client for the Microsoft Windows and Apple Macintosh macOS operating systems that supports telnet, modem, SSH 1 and 2, ISDN, serial, TAPI, Rlogin and other means of communication. Its terminal emulator supports Xterm emulation with full colors, meta-keys and local printing, VT102, VT220 and several types of ANSI as well as Wyse, TVI, TN3270, and Sun's CDE. It supports full keyboard remapping, scripting in REXX and other languages, and support for named pipes.

<span class="mw-page-title-main">SecureCRT</span> Telnet client by VanDyke Software

SecureCRT is a commercial SSH and Telnet client and terminal emulator by VanDyke Software. Originally a Windows product, VanDyke later added a Mac OS X version in 2010 with release v6.6 and a Linux version in 2011 with release v6.7.

An SSH server is a software program which uses the Secure Shell protocol to accept connections from remote computers. SFTP/SCP file transfers and remote terminal connections are popular use cases for an SSH server.

<span class="mw-page-title-main">OpenSSH</span> Set of computer programs providing encrypted communication sessions

OpenSSH is a suite of secure networking utilities based on the Secure Shell (SSH) protocol, which provides a secure channel over an unsecured network in a client–server architecture.

CopSSH is an implementation of OpenSSH for Windows. CopSSH offers both SSH client and server functionality and can be used for remote administration of Windows systems. CopSSH contains DLLs from the Cygwin Linux environment and a version of OpenSSH compiled from Cygwin. An administration GUI is also provided as of version 4.0.0.

Bitvise is a proprietary secure remote access software developed for Windows and available as a client and server. The software is based on the Secure Shell (SSH) protocol, which provides a secure channel over an insecure network in a client-server architecture.

References

  1. "AbsoluteTelnet/SSH Version History".
  2. "Bitvise SSH Client Version History". 20 December 2023.
  3. "Bitvise SSH Server Version History". 20 December 2023.
  4. "Release 1.9.10". 21 December 2023. Retrieved 19 January 2024.
  5. "Dropbear 2024.86". 22 October 2024. Retrieved 4 January 2025.
  6. "release-9.9" . Retrieved 20 September 2024.
  7. Simon Tatham (27 November 2024). "PuTTY 0.82 is released" . Retrieved 27 November 2024.
  8. 1 2 3 "SecureCRT 9.3.1". 6 December 2022.
  9. "SecureCRT on the App Store" . Retrieved 30 January 2023.
  10. "Release 5.3". 8 September 2024. Retrieved 8 September 2024.
  11. "TN3270 Plus Version History". February 2019.
  12. "Release 1.4.19". 1 November 2024. Retrieved 29 November 2024.
  13. 1 2 "ZOC Terminal – SSH/Telnet-Client and Terminal Emulator – Version History". 8 April 2024.
  14. "ZOC V4.15". 25 August 2004.
  15. "ssh2-openssh-certkeys.html".
  16. "ssh2-openssh-certkeys".
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.