How do you open an SSH Tunnel from a Windows client

I would like a Win machine to tunnel into an SSH server whenever the machine starts up. I also want the win machine to reboot the SSH program if it ever crashes. The lighterweight & more stable the SSH program, the more happier I am.

What options do I have with this?


Look at using srvany to launch the SSH client as a windows service. Then you can set the service to start up automatically when Windows start.

Essentially, srvany.exe will let you launch any program from the windows service control manager.


The PuTTY suite is probably your best bet, IMO. (Disclaimer: I'm biased as Simon Tatham is a friend of mine from university. Mind you, that means I know how meticulous he is...)


If you desire program restarting in case of disconnection, the best I know should be a software recommendation: AlwaysUp (not free on May 2015).

It is still lighweight, 4.2MB installer and a not too big memory consumer:

C:\>tasklist | find "always" /i
AlwaysUp.exe                  3112 Console                    1    17.388 KB

When converting to service, Stability (or just making the service work) with SrvAny or SC can be a nightmare. AlwaysUp, as long as I have tested, solves most problems and give you extra options like a detailed log, statistics, email alerts... etc.


PuTTy is best option for sure, but it doesn't support auto restart. Personally I use ssh tunnels a lot, I have more than 30 tunnels. I wanted to have a script which can be easily cnfigurable and maintainable, so I came up with a PowerShell script for that. Posted here. SO rules dictates me to publish solution in answer as well, so happy to do that:

To start using it you need a config like this:

# LocalPort TargetHost  TargetPort  SshHost SshUsername SshKeyPath 
18080  80 User    D:\secure\path\to\private_key.ppk

Save it as a config.csv. And use a powershell script to keep it up is:

  Powershell script for keeping ssh tunnel up and running

  This script uses configuration of tunnels located in config.csv. For more information visit

  Version:        1.0
  Author:         Anton Shkuratov
  Creation Date:  2019-03-13
  Purpose/Change: Initial script development


$currentDir = $PSScriptRoot
if (-not $env:PATH.Contains($currentDir)) {

# Check plink is accessible
try {
  Start-Process plink.exe -WindowStyle Hidden
} catch {
  Write-Host Error running plink.exe Please make sure its path is in PATH environment variable
  EXIT 1

# Parse config
$config = [System.IO.File]::ReadAllLines("$currentDir\config.csv");
$bindings = New-Object System.Collections.ArrayList
$regex = New-Object System.Text.RegularExpressions.Regex("(\d)+\s([^ ]+)\s(\d+)\s([^ ]+)\s([^ ]+)\s([^ ]+)", [System.Text.RegularExpressions.RegexOptions]::IgnoreCase);
$keyPasswords = @{}
$procs = @{}

foreach($line in $config) {
  $match = $regex.Match($line)

  if ($match.Success) {
    $sshKey = $match.Groups[6];

      LocalPort = $match.Groups[1];
      TargetHost = $match.Groups[2];
      TargetPort = $match.Groups.Groups[3];
      SshHost = $match.Groups[4];
      SshUser = $match.Groups[5];
      SshKey = $match.Groups[6];

    if (-not $keyPasswords.ContainsKey($sshKey)) {
      $pass = Read-Host "Please enter password for key (if set): $sshKey" -AsSecureString
      $keyPasswords.Add($sshKey, $pass);

# Starting Processes
function EnsureRunning($procs, $keyPasswords, $binding) {

  if ($procs.ContainsKey($binding) -and $procs[$binding].HasExited) {

    $proc = $procs[$binding]
    $sshKey = $binding.sshKey
    $out = $proc.StandardError.ReadToEnd()

    if ($out.Contains("Wrong passphrase")) {
      Write-Host "Wrong pass phrase for $sshKey, please re-enter"
      $pass = Read-Host "Please enter password for key: $sshKey" -AsSecureString
      $keyPasswords[$sshKey] = $pass;
    } else {
      $exitCode = $proc.ExitCode
      $tHost = $binding.sshHost

      Write-Host "Connection to $tHost is lost, exit code: $exitCode"

  if (-not $procs.ContainsKey($binding) -or $procs[$binding].HasExited) {
    $sshUser = $binding.SshUser
    $sshHost = $binding.SshHost
    $sshKey = $binding.SshKey
    $lPort = $binding.LocalPort
    $tPort = $binding.TargetPort
    $tHost = $binding.TargetHost
    $sshKeyPass = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($keyPasswords[$sshKey]))

    $psi = New-Object System.Diagnostics.ProcessStartInfo;
    $psi.FileName = "plink.exe";
    $psi.UseShellExecute = $false;

    $psi.CreateNoWindow = $true;
    $psi.RedirectStandardInput = $true;
    $psi.RedirectStandardError = $true;

    $psi.Arguments = "-ssh $sshUser@$sshHost -i `"$sshKey`" -batch -pw $sshKeyPass -L $lPort`:$tHost`:$tPort"

    $proc = [System.Diagnostics.Process]::Start($psi);

    Start-Sleep 1

    if (-not $proc.HasExited) {
      Write-Host Connected to $sshUser@$sshHost

    $procs[$binding] = $proc;

function EnsureAllRunning($procs, $keyPasswords, $bindings) {
  while($true) {
    foreach($binding in $bindings) {
      EnsureRunning $procs $keyPasswords $binding
    Start-Sleep 1

try {
  # Waiting for exit command
  Write-Host Working... Press Ctrl+C to stop execution...
  EnsureAllRunning $procs $keyPasswords $bindings
} finally {
  # Clean up
  Write-Host Clean up

  foreach($proc in $procs.Values) {
    if ($proc -ne $null -and -not $proc.HasExited) {

Then just run it with:

powershell -File autossh.ps1

