SSH into Pods from Windows PowerShell

Name: Podstack GPU Cloud
Brand: Podstack
SKU: PODSTACK-GPU-CLOUD
Availability: InStock
Rating: 4.9 (180 reviews)

The standard SSH instructions work as-is on Linux, macOS, and Git Bash on Windows. Windows PowerShell needs a little extra setup: it routes the connection through Podstack’s SSH proxy using OpenSSL, which isn’t installed on Windows by default.

This guide configures PowerShell to recognize Podstack’s SSH proxy so you can connect with a normal ssh command. The whole process is a one-time setup.

Prerequisites

An active Podstack account with a running pod that has ENABLE_SSH=true
Your SSH public key uploaded in SSH Keys and selected on the pod
Your SSH private key file saved locally (for example in C:\Users\<username>\.ssh\)
Windows 10 or 11 with PowerShell

Step 1 — Add the SSH Configuration

Open PowerShell and run the script below. It locates your OpenSSL install automatically — if you don’t have OpenSSL yet, do Step 2 first, then come back and run this.

The script writes your SSH config to:

C:\Users\<username>\.ssh\config

$sshDir = "$env:USERPROFILE\.ssh"
if (-not (Test-Path $sshDir)) { New-Item -ItemType Directory -Path $sshDir -Force | Out-Null }
$openssl = Get-ChildItem -Path "C:\Program Files","C:\Program Files (x86)","$env:LOCALAPPDATA\Microsoft\WinGet" -Recurse -Filter openssl.exe -ErrorAction SilentlyContinue | Select-Object -First 1 -ExpandProperty FullName
if (-not $openssl) {
    Write-Error "openssl.exe still not found anywhere - reinstall: winget install FireDaemon.OpenSSL"
} else {
    $config = "# Podstack SSH Configuration`r`nHost *.cloud.podstack.ai`r`n    ProxyCommand `"$openssl`" s_client -quiet -servername %h -connect %h:443`r`n    StrictHostKeyChecking no`r`n    UserKnownHostsFile /dev/null"
    Set-Content -Path "$sshDir\config" -Encoding ascii -Value $config
    Write-Host "Wrote config using $openssl"
}

When it succeeds you’ll see Wrote config using ... printed with the path to the OpenSSL executable it found. If you see the openssl.exe still not found error instead, complete Step 2 and run this script again.

Step 2 — Install OpenSSL (if not installed)

OpenSSL provides the s_client proxy that tunnels your SSH connection through port 443. Install it before Step 1, then confirm the executable exists.

# Install FireDaemon OpenSSL (Windows 10/11)
winget install FireDaemon.OpenSSL

winget does not add OpenSSL to your PATH, so the install location has to be discovered. The script in Step 1 does this automatically, but you can verify it yourself:

# Locate the executable (Step 1's script picks this path up automatically)
Get-ChildItem "C:\Program Files\FireDaemon*" -Recurse -Filter openssl.exe -ErrorAction SilentlyContinue | Select-Object FullName

Once OpenSSL is installed, return to Step 1 and run the configuration script.

Step 3 — Connect to Your Pod

After the configuration is written, connect using the command below. Replace <key_name> with your private key filename (for example id_rsa or id_ed25519), and use the SSH host shown on your pod’s detail page.

ssh -i ~/.ssh/<key_name> podstack@ssh-<subdomain>.cloud.podstack.ai

For example, a pod with the subdomain bphbp would be:

ssh -i ~/.ssh/id_ed25519 podstack@ssh-bphbp.cloud.podstack.ai

podstack is the default username for all Podstack templates.
ssh-<subdomain>.cloud.podstack.ai is unique per pod — copy it from the SSH Access section on the pod detail page.

Important: Your private key file must have restricted permissions. Run this before connecting:
chmod 400 ~/.ssh/<key_name>

Note: Make sure you’ve uploaded your SSH public key in the SSH Keys section and selected it on the pod before connecting.

Quick Reference

Action	Command
Install OpenSSL	`winget install FireDaemon.OpenSSL`
Find openssl.exe	`Get-ChildItem "C:\Program Files\FireDaemon*" -Recurse -Filter openssl.exe -ErrorAction SilentlyContinue \| Select-Object FullName`
Fix key permissions	`chmod 400 ~/.ssh/<key_name>`
Connect to pod	`ssh -i ~/.ssh/<key_name> podstack@ssh-<subdomain>.cloud.podstack.ai`

Common Issues

openssl.exe still not found anywhere

OpenSSL isn’t installed, or winget placed it somewhere the script didn’t scan. Run winget install FireDaemon.OpenSSL, then re-run the Step 1 script.

Permission denied (publickey)

The private key you’re passing with -i doesn’t match the public key selected on the pod. Confirm the key in SSH Keys and your local filename.
Fix overly-open key permissions: chmod 400 ~/.ssh/<key_name>.

Connection refused

The pod isn’t fully running yet — wait for status Running.
Verify ENABLE_SSH=true was set in environment variables when launching the pod.

Host key verification failed

Happens when a pod is recreated and reuses the same subdomain. The config above already sets StrictHostKeyChecking no and UserKnownHostsFile /dev/null, which avoids this — if you customized the config, clear the cached host key with ssh-keygen -R ssh-<subdomain>.cloud.podstack.ai.

For more troubleshooting, see Connecting to Pods.

Next Steps

New to SSH on Podstack? Watch the full SSH Tutorial (Video) for macOS, Linux, and Git Bash.
Explore Connecting to Pods for Jupyter, web terminal, exposed ports, and file transfer.
Set up additional SSH Keys for teammates.