SSH Public Key Authentication Client Setup (Windows/Linux)
Overview
Section titled “Overview”This article explains how to configure SSH public key authentication on the client side for secure server access. The instructions apply to both Windows and Linux environments.
Prerequisites
Section titled “Prerequisites”- SSH client is pre-installed (Windows 10 or later, Linux default)
- The target server allows public key authentication
- The user account exists on the server
Key Types and Encryption Methods
Section titled “Key Types and Encryption Methods”SSH supports several key types, such as RSA, ECDSA, and Ed25519. The following table compares their characteristics, recommended use cases, and compatibility.
| Key Type | Features | Recommended Use | Compatibility |
|---|---|---|---|
| RSA | Widely used, adjustable key length, high versatility | Legacy systems or high-compatibility environments | Very High |
| ECDSA | Uses elliptic curve cryptography, faster with shorter keys | Performance-oriented environments | Moderate |
| Ed25519 | Modern standard, fast, highly secure, small key size | New deployments, security-critical systems | Supported on OpenSSH 6.5+ |
Recommendation: Ed25519 is the preferred standard. It provides better security and performance, while RSA remains widely used for compatibility.
Variable Conventions
Section titled “Variable Conventions”The following variables are used in examples. Replace them with your actual environment values.
| Variable | Example | Description |
|---|---|---|
<<USERNAME>> | exampleuser | Your local login username |
<<SERVER>> | 192.168.1.10 | Target host or IP address |
<<USER>> | ubuntu or ec2-user | SSH username on the server |
<<EMAIL_ADDRESS>> | user@example.com | Optional comment for key identification |
Note for Windows Users
The Windows commands in this article assume PowerShell.
If using Command Prompt, replace$env:USERPROFILEwith%USERPROFILE%.
Windows Client Setup
Section titled “Windows Client Setup”Step 1: Generate SSH Key Pair
Section titled “Step 1: Generate SSH Key Pair”Open PowerShell as Administrator and run:
ssh-keygen -t ed25519 -C "<<EMAIL_ADDRESS>>"Example output:
Generating public/private ed25519 key pair.Enter file in which to save the key (/C:/Users/<<USERNAME>>/.ssh/id_ed25519):Enter passphrase (empty for no passphrase):- Public Key:
$env:USERPROFILE\.ssh\id_ed25519.pub - Private Key:
$env:USERPROFILE\.ssh\id_ed25519
Step 2: Copy Public Key to Server
Section titled “Step 2: Copy Public Key to Server”cat $env:USERPROFILE\.ssh\id_ed25519.pub | ssh <<USER>>@<<SERVER>> "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"Alternatively, manually paste the content of .pub into the server’s ~/.ssh/authorized_keys.
Step 3: Verify Connection
Section titled “Step 3: Verify Connection”ssh -i $env:USERPROFILE\.ssh\id_ed25519 <<USER>>@<<SERVER>>Linux Client Setup
Section titled “Linux Client Setup”Step 1: Generate SSH Key Pair
Section titled “Step 1: Generate SSH Key Pair”ssh-keygen -t ed25519 -C "<<EMAIL_ADDRESS>>"- Public Key:
~/.ssh/id_ed25519.pub - Private Key:
~/.ssh/id_ed25519
Step 2: Register Public Key on Server
Section titled “Step 2: Register Public Key on Server”Use ssh-copy-id for automated setup:
ssh-copy-id -i ~/.ssh/id_ed25519.pub <<USER>>@<<SERVER>>Or manually append the public key to ~/.ssh/authorized_keys.
Step 3: Verify Connection
Section titled “Step 3: Verify Connection”ssh -i ~/.ssh/id_ed25519 <<USER>>@<<SERVER>>Using Passphrase-Protected Keys
Section titled “Using Passphrase-Protected Keys”If you generated a key with a passphrase, configure an SSH agent to avoid entering it every time.
The agent securely stores private keys in memory and automatically signs authentication requests.
Step 1: Start SSH Agent
Section titled “Step 1: Start SSH Agent”Windows:
Set-Service -Name ssh-agent -StartupType ManualStart-Service ssh-agentLinux:
eval "$(ssh-agent -s)"Auto-Start Configuration
Section titled “Auto-Start Configuration”Windows:
Set-Service -Name ssh-agent -StartupType AutomaticLinux:
Add the following to ~/.bashrc or ~/.profile:
eval "$(ssh-agent -s)" > /dev/nullStep 2: Add Key to Agent
Section titled “Step 2: Add Key to Agent”Windows:
ssh-add $env:USERPROFILE\.ssh\id_ed25519Linux:
ssh-add ~/.ssh/id_ed25519Step 3: Verify Registration
Section titled “Step 3: Verify Registration”ssh-add -lYou should see the fingerprint of your registered key.
SSH Config File for Simplified Access
Section titled “SSH Config File for Simplified Access”Avoid repetitive command typing by creating an SSH config file.
Path:
- Linux:
~/.ssh/config - Windows:
C:\Users\<<USERNAME>>\.ssh\config
Example Configuration
Section titled “Example Configuration”Host myserver HostName <<SERVER>> User <<USER>> IdentityFile ~/.ssh/id_ed25519 Port 22Then simply connect using:
ssh myserverFor multiple servers:
Host web HostName 192.168.1.10 User ubuntu IdentityFile ~/.ssh/id_ed25519
Host db HostName 192.168.1.11 User ec2-user IdentityFile ~/.ssh/id_ed25519Tip: Use separate key pairs per host for higher security.
Verification and Debugging
Section titled “Verification and Debugging”To verify or troubleshoot connections:
ssh -vvv -i ~/.ssh/id_ed25519 <<USER>>@<<SERVER>>Look for:
debug1: Authentication succeeded (publickey)Troubleshooting
Section titled “Troubleshooting”Common failure causes:
-
Server doesn’t allow public key authentication
→ CheckPubkeyAuthentication yesin/etc/ssh/sshd_config. -
Incorrect or missing authorized_keys entry
→ Ensure key is properly copied to the correct user’s.sshdirectory. -
Wrong username or host
→ Verify connection parameters and permissions.
Conclusion
Section titled “Conclusion”SSH public key authentication enables secure, passwordless server access.
Both Windows and Linux support easy setup via ssh-keygen.
Proper key management and permissions are essential for a reliable configuration.