Comparison of SSH clients

Further information: Secure Shell

An SSH client is a software program which uses the secure shell protocol to connect to a remote computer. This article compares a selection of notable clients.

General

Name	Developer	Initial release	Platform	Latest release		License	GUI	TUI/CLI
				Version	Date
AbsoluteTelnet	Celestial Software (Brian Pence)	1996	Windows	11.24[1]	2020-08-13	Proprietary
Bitvise SSH Client	Bitvise Limited	2001	Windows	9.32[2][3]	2023-12-20	Proprietary
ConnectBot	Kenny Root Jeffrey Sharkey	2007-11[a]	Android	1.9.10[4]	2023-12-21	Apache-2.0	?	?
Dropbear	Matt Johnston	2003-04-06	AIX	2024.86[5]	2024-10-22	MIT
			BSD
			Cygwin
			Linux
			HP-UX
			iOS
			Maemo
			macOS
			Solaris
OpenSSH[b]	The OpenBSD project	1999-12-01[c]	AIX	10.0[6]	2025-04-09	BSD
			Android
			BSD
			Cygwin
			Linux
			HP-UX
			iOS
			Maemo
			OpenVMS
			macOS
			Solaris
			Windows
			z/OS
PuTTY	Simon Tatham	1999-01-22	BSD	0.83[7]	2025-02-08	MIT
			Linux
			macOS
			Solaris
			Windows
SecureCRT	VanDyke Software	1998–06	Linux	9.6.1[8]	2024-12-17	Proprietary
			macOS	9.6.1[8]	2024-12-17
			iOS	3.0.1[9]	2023-12-21
			Windows	9.6.1[8]	2024-12-17
Tera Term	TeraTerm Project	2004[d]	Windows	5.4.0[10]	2025-03-02	BSD-3-Clause
TN3270 Plus	SDI USA, Inc.	2006	Windows	4.0.7[11]	2019-02	Proprietary
WinSCP	Martin Přikryl	2000	Windows	6.3.3	2024-04-16	GNU GPL		?
wolfSSH	wolfSSL	2016-07-20[e]	BSD	1.4.20[12]	2025-02-20	GPL-3.0-or-later[f]
			Cygwin
			Linux
			macOS
			Solaris
			Windows
ZOC Terminal	EmTec, Innovative Software	1995-07-01	macOS	8.10.2[13]	2025-03-26	Proprietary
			OS/2	4.15[14]	2004-08-25
			Windows	8.10.2[13]	2025-03-26

1. Based on Trilead SSH-2 for Java.
2. Also known as OpenBSD Secure Shell.
3. Based on OSSH.
4. Based on Tera Term Pro 2.3 (1994–1998).
5. Based on wolfCrypt.
6. Also available under a proprietary license.

Platform

The operating systems or virtual machines the SSH clients are designed to run on without emulation include several possibilities:

• Partial indicates that while it works, the client lacks important functionality compared to versions for other OSs but may still be under development.

The list is not exhaustive, but rather reflects the most common platforms today.

Name	macOS	Windows	Cygwin	BSD	Linux	Solaris	OpenVMS	z/OS	AIX	HP-UX	iOS	Android	Maemo	Windows Phone
AbsoluteTelnet	No	Yes	No	No	No	No	No	No	No	No	No	No	No	?
Bitvise SSH Client	No	Yes	No	No	No	No	No	No	No	No	No	No	No	No
ConnectBot	No	No	No	No	No	No	No	No	No	No	No	Yes	No	No
Dropbear	Yes	No	Yes	Yes	Yes	Yes	?	?	Yes	Yes	Yes[a]	No	Yes	?
lsh	Yes	No	No	Partial[b]	Yes	Yes	?	?	No	No	No	No	No	?
OpenSSH[c]	Included	Included[d]	Included	Included	Included[e]	Yes	Yes	Yes	Yes	Yes	Yes[a]	Yes	Yes	?
PuTTY	Partial	Yes	?	Yes	Yes	Yes	?	?	No	No	No	No	No	Beta
SecureCRT	Yes	Yes	No	No	Yes	No	No	No	No	No	Yes	No	No	?
SmartFTP	No	Yes	No	No	No	No	No	No	No	No	No	No	No	?
Tera Term	No	Yes	No	No	No	No	No	No	No	No	No	No	No	?
TN3270 Plus	No	Yes	No	No	No	No	No	No	No	No	No	No	No	?
WinSCP	No	Yes	No	No	No	No	No	No	No	No	Yes[a]	No	No	?
wolfSSH	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No	No	No	No	No
ZOC Terminal	Yes	Yes	No	No	No	No	No	No	No	No	No	No	No	?
Name	macOS	Windows	Cygwin	BSD	Linux	Solaris	OpenVMS	z/OS	AIX	HP-UX	iOS	Android	Maemo	Windows Phone

1. Only for jailbroken devices.
2. lsh supports only one BSD platform officially, FreeBSD.
3. Also known as OpenBSD Secure Shell.
4. Included and enabled by default since windows 10 version 1803. Win32-OpenSSH can be installed as an optional component in the Windows versions before Windows 10 version 1803 to Windows 10 version 1709. Portable version can be download from Win32-OpenSSH for other versions.
5. The majority of Linux distributions have OpenSSH as an official package, but a few do not.

Technical

Name	SSH1 (insecure)	SSH2	Additional protocols		Port forwarding and Tunneling			Session multiplexing [a]	Kerberos	IPv6	Terminal	SFTP/SCP	Proxy client[b]
			TELNET	rlogin	Port forwarding	SOCKS [c]	VPN [d]
AbsoluteTelnet	yes	Yes	Yes	No	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	SOCKS 4, 5; HTTP
Bitvise SSH Client	no	Yes	No	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	SOCKS 4, 5
Dropbear	no	Yes	No	No	Yes	No	No	No	No	Yes	Yes	Yes	?
lsh	no	Yes	Yes	No	Yes	Yes	No	Yes	No	Yes	Yes	Yes	?
OpenSSH[e]	no[f]	Yes	No	No	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	ProxyCommand
PuTTY	yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes[g]	Yes	Yes	Yes[h]	SOCKS 4, 5; HTTP; Telnet; Local
SecureCRT	yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	SOCKS 4, 5; HTTP; Telnet; Generic
SmartFTP	no	Yes	Yes	No	No	No	No	No	Yes	Yes	Yes	Yes	SOCKS 4, 5; HTTP
Tera Term	yes	Yes	Yes	No	Yes	No	No	No	No	Yes	Yes	SCP	SOCKS 4, 5; HTTP; Telnet
TN3270 Plus	yes	Yes	Yes	No	No	Yes	No	Yes	No	Yes	Yes	No	SOCKS 4
WinSCP [i]	no[j]	Yes	No	No	limited[k]	No	No	No	Yes	Yes	simple	Yes	SOCKS 4, 5; HTTP; Telnet; Local
wolfSSH	no	Yes	No	No	Yes	No	No	No	No	Yes	simple	Yes	No
ZOC Terminal	yes	Yes	Yes	Yes	Yes	Yes	No	No	Yes	Yes	Yes	Yes[l][m]	SOCKS 4; 5; HTTP; Jumpserver
Name	SSH1 (insecure)	SSH2	Additional protocols		Tunneling			Session multiplexing [a]	Kerberos	IPv6	Terminal	SFTP/SCP	Proxy client[b]
			TELNET	rlogin	Port forwarding	SOCKS [c]	VPN [d]

1. Accelerating OpenSSH connections with ControlMaster.
2. Can the SSH client connect itself through a proxy? This is distinct from offering a SOCKS proxy or port forwarding.
3. The ability for the SSH client to perform dynamic port forwarding by acting as a local SOCKS proxy.
4. The ability for the SSH client to establish a VPN, e.g. using TUN/TAP.
5. Also known as OpenBSD Secure Shell.
6. OpenSSH deleted SSH protocol version 1 support in version 7.6 (2017-10-03)
7. The version 0.63 supports GSSAPI. Successfully tested on Win 8 using Active Directory
8. The PuTTY developers provide SCP and SFTP functionality as binaries for separate download.
9. WinSCP bundles a number of software components including PuTTY. .
10. WinSCP Version history.
11. WinSCP connection tunneling.
12. SCP and SFTP through terminal.
13. SCP and SFTP according to ZOC features page.

Features

Name	Keyboard mapping	Session tabs	ZMODEM transfers	Find text in buffer	Mouse input support[a]	Unicode support	URL hyperlinking	Public key authentication	Smart card support	Hardware encryption	FIPS 140-2 validation	Scripting	Shared Database	Auto-reconnect	CA Certificates
AbsoluteTelnet	full	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	?	Yes	Yes	?	?	?
Bitvise SSH Client	?	No	No	No	Yes	Yes	No	Yes	No	?	Partial	Yes	No	Yes	No
OpenSSH[b]	?	No	No	?	Yes[c]	Yes	not native[d]	Yes	Yes	Yes	Partial[e]	No	No	?	Yes[f]
PuTTY	No	No[g]	No	No	Yes	Yes	No[h]	Yes	No	Yes	No	No	No	No	No[i]
SecureCRT	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	No	?	?
SmartFTP	Partial	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	AES-NI	Yes	No	?	?	?
Tera Term	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No	Yes	No	?	?
TN3270 Plus	Yes	Yes	No	No	No	No	Yes	Yes	No	No	No	Yes	?	?	?
wolfSSH	No	No	No	No	No	Yes	No	Yes	No	Yes	Yes	No	No	No	Yes
ZOC Terminal	full	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	Yes	?	?	?

1. The ability to transmit mouse input to text mode applications such as Midnight Commander
2. Also known as OpenBSD Secure Shell.
3. Only when the terminal itself supports mouse input. Most graphical ones do, e.g. xterm.
4. No native URL highlighting; however most graphical consoles support URL highlighting.
5. Validated when running OpenSSH 2.1 on Red Hat Enterprise Linux 6.2 in FIPS mode or when running OpenSSH 1.1 on Red Hat Enterprise Linux 5 in FIPS mode
6. OpenSSH supports the minimal certificate format since v5.4. "OpenSSH Release Notes: 5.4". OpenBSD Project. 2010-03-08. Retrieved 2021-08-30.
7. PuTTY does not support tabs directly, but many wrappers are available that do.
8. PuTTY does not support hyperlinks, but some forks of PuTTY do.
9. Putty v71.0 does not support OpenSSH certificates. See Ben Harris' 2016-04-21 wish.^[15][16]

Authentication key algorithms

This table lists standard authentication key algorithms implemented by SSH clients. Some SSH implementations include both server and client implementations and support custom non-standard authentication algorithms not listed in this table.

Name	ssh-dss[a]	ssh-rsa	RSA with SHA-2		ECDSA with SHA-2			EdDSA		Security keys
			rsa-sha2-256	rsa-sha2-512	ecdsa-sha2-nistp256	ecdsa-sha2-nistp384	ecdsa-sha2-nistp521	ssh-ed25519	ssh-ed448	sk-ecdsa-sha2-nistp256	sk-ssh-ed25519
AbsoluteTelnet	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Bitvise SSH Client	?	?	?	?	?	?	?	?	?
Dropbear	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	?
lsh	?	?	?	?	?	?	?	?	?
OpenSSH[b]	Yes[c]	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes
PuTTY	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No[d]	No[d]
SecureCRT	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	?
SmartFTP	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No
Tera Term	?	?	?	?	?	?	?	?	?
TN3270 Plus	?	?	?	?	?	?	?	?	?
WinSCP	No	Yes	Yes	Yes	Yes	Yes	Yes	?	?
wolfSSH	No	Yes	Yes	Yes	Yes	Yes	Yes	No	No	No	No
ZOC Terminal[e]	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Name	ssh-dss	ssh-rsa	rsa-sha2-256	rsa-sha2-512	ecdsa-sha2-nistp256	ecdsa-sha2-nistp384	ecdsa-sha2-nistp521	ssh-ed25519	ssh-ed448	sk-ecdsa-sha2-nistp256	sk-ssh-ed25519
			RSA with SHA-2		ECDSA with SHA-2			EdDSA		Security keys

1. ssh-dss is based on Digital Signature Algorithm which is sensitive to entropy, secrecy, and uniqueness of its random signature value.
2. Also known as OpenBSD Secure Shell.
3. By default, disabled at run-time since OpenSSH 7.0 released in 2015.
4. PuTTY does not support security keys / FIDO tokens, but is supported in PuTTY-CAC
5. ZOC' SSH is based on OpenSSH and supports the same encryptions.

See also

• Comparison of SSH servers
• Comparison of FTP client software
• Comparison of remote desktop software