- Windows Ssh Key Location
- Windows 8 Ssh Key Location Windows 10
- Windows 8 Ssh Key Location Finder
- Ssh Public Key Windows
- Ssh Keys Download Windows
To use your SSH keys, copy your public SSH key to the system you want to connect to. Use your private SSH key on your own system. Your private key will match up with the public key, and grant access. For further details and troubleshooting, see our guide on paswordless SSH login using SSH keys. Generating the pair of keys from Windows Laptop and copying the public key on the RPi authorizedkeys file. Configuring Putty. In sshdconfig file I open Authorizedkeys file. Chmod 700 ssh and chmod 600 authorizedkeys etc.- And I always get Server refused our key Googling doesn't help I would really appreciate help.
In this article we will configure SSH authentication with RSA keys on Windows to securely access remote servers/computers. We'll show how to generate RSA keys (certificates) on Windows and configure a built-in OpenSSH server on Windows 10/Windows Server 2019 for key-based authentication (allows to authenticate on remote hosts without passwords).
SSH key-based authentication is widely used in the Linux world, but in Windows it has appeared quite recently. The idea is that the client's public key is added on the SSH server, and when a client tries to connect to it, the server checks if the client has the corresponding private key.
Generating SSH (RSA) on Windows
You must generate two RSA keys (public and private ones) on a client computer you will use to connect to the remote Windows server that is running OpenSSH. A private key is stored on a client side (do not pass it to anyone!), and a public key is added to the authorized_keys file on the SSH server. To generate RSA keys on a Windows client, you must install the OpenSSH client.
In Windows 10 1809 (and newer) and Windows Server 2019, the OpenSSH client is installed as a separate feature:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Run a standard (non-privileged) PowerShell session and generate a pair of RSA 2048 keys using the command:
ssh-keygen
You will be prompted to enter a password to protect the private key. If you specify the password, you will have to enter it each time you use this key for SSH authentication. I have not entered any passphrase (not recommended).
Ssh-keygen will create the .ssh directory in the profile of a current Windows user (C:Usersyour_username) and place 2 files in it:
- id_rsa – a private key
- id_rsa.pub – a public key
After you have created the RSA keys, you can add the private key to the SSH Agent service, that allows to conveniently manage private keys and use them for authentication. SSH Agent stores private keys and provides them in the security context of the current user. Run the ssh-agent service and configure it to startup automatic using the PowerShell service management commands:
set-service ssh-agent StartupType ‘Automatic'
Start-Service ssh-agent
Add your private key to the ssh-agent database:
ssh-add 'C:Usersyouruser.sshid_rsa'
Or as follows:
ssh-add.exe $ENV:UserProfile.sshid_rsa
Configuring OpenSSH Server on Windows to Authenticate Using SSH Keys
Then copy the public key you have generated on the client to your SSH server (in this example it is a remote computer running Windows 10 1903 and having OpenSSH configured).
Copy the id_rsa.pub file to the .ssh directory in the profile of the user you will use to connect to the SSH server. For example, I have an adminuser in my Windows 10, so I must copy the key to C:Usersadmin.sshauthorized_keys.
Windows Ssh Key Location
You can copy the public key to the SSH server using SCP:
Windows 8 Ssh Key Location Windows 10
scp C:Usersyouruser.sshid_rsa.pub admin@192.168.1.15:c:usersadmin.sshauthorized_keys
Now you can connect to your Windows SSH server without a password. If you have not set a password (passphrase) for the private key, you will automatically connect to your remote Windows host.
To connect to a remote host using native SSH client, you will need the following command:
ssh (username)@(SSH server name or IP address)
For example:
ssh admin@192.168.1.15
ssh admin@192.168.1.15 -i 'C:Usersyouruser.sshid_rsa'
Windows 8 Ssh Key Location Finder
If you were not able to connect to your SSH server using the RSA key and you are still prompted to enter a password, it is likely that the user account you are trying to connect to is a member of local server administrators group (the group SID is S-1-5-32-544). We will discuss it later.
How to Login Windows Using SSH Key Under Local Admin?
Run a standard (non-privileged) PowerShell session and generate a pair of RSA 2048 keys using the command:
ssh-keygen
You will be prompted to enter a password to protect the private key. If you specify the password, you will have to enter it each time you use this key for SSH authentication. I have not entered any passphrase (not recommended).
Ssh-keygen will create the .ssh directory in the profile of a current Windows user (C:Usersyour_username) and place 2 files in it:
- id_rsa – a private key
- id_rsa.pub – a public key
After you have created the RSA keys, you can add the private key to the SSH Agent service, that allows to conveniently manage private keys and use them for authentication. SSH Agent stores private keys and provides them in the security context of the current user. Run the ssh-agent service and configure it to startup automatic using the PowerShell service management commands:
set-service ssh-agent StartupType ‘Automatic'
Start-Service ssh-agent
Add your private key to the ssh-agent database:
ssh-add 'C:Usersyouruser.sshid_rsa'
Or as follows:
ssh-add.exe $ENV:UserProfile.sshid_rsa
Configuring OpenSSH Server on Windows to Authenticate Using SSH Keys
Then copy the public key you have generated on the client to your SSH server (in this example it is a remote computer running Windows 10 1903 and having OpenSSH configured).
Copy the id_rsa.pub file to the .ssh directory in the profile of the user you will use to connect to the SSH server. For example, I have an adminuser in my Windows 10, so I must copy the key to C:Usersadmin.sshauthorized_keys.
Windows Ssh Key Location
You can copy the public key to the SSH server using SCP:
Windows 8 Ssh Key Location Windows 10
scp C:Usersyouruser.sshid_rsa.pub admin@192.168.1.15:c:usersadmin.sshauthorized_keys
Now you can connect to your Windows SSH server without a password. If you have not set a password (passphrase) for the private key, you will automatically connect to your remote Windows host.
To connect to a remote host using native SSH client, you will need the following command:
ssh (username)@(SSH server name or IP address)
For example:
ssh admin@192.168.1.15
ssh admin@192.168.1.15 -i 'C:Usersyouruser.sshid_rsa'
Windows 8 Ssh Key Location Finder
If you were not able to connect to your SSH server using the RSA key and you are still prompted to enter a password, it is likely that the user account you are trying to connect to is a member of local server administrators group (the group SID is S-1-5-32-544). We will discuss it later.
How to Login Windows Using SSH Key Under Local Admin?
OpenSSH uses special key-based access settings for the users with Windows local administrator privileges.
First of all, use a key file C:ProgramDatasshadministrators_authorized_keys instead of the authorized_keys file in the user profile. You must add your SSH key to this text file (for security purposes, only the Administrators group and SYSTEM should have permissions to read this file).
In order to use the authorized_keys file from a user profile and not to move the public key data to the administrators_authorized_keys file, you can comment the related line in the OpenSSH configuration file (C:ProgramDatasshsshd_config).
Comment these lines:#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
Allow access Windows using RSA keys in the sshd_config file:
PubkeyAuthentication yes
And disable ssh password login:
PasswordAuthentication no
Don't forget to restart the sshd service after saving changes in sshd_config.
restart-service sshd
Here is another important thing. In earlier OpenSSH versions you had to grant NT Servicesshd the read permissions on the authorized_keys file.
To do it, you have to do one of the following:
- Install the OpenSSHUtils module:
Install-Module -Force OpenSSHUtils -Scope AllUsers
. To change file permissions, run this command: Repair-AuthorizedKeyPermission -FilePath C:Usersadmin.sshauthorized_keys
- Change the NTFS permissions for the file using NTFSSecurity module or icacls;
- Or you can disable StrictModes in the sshd_config file. By default, this mode is enabled and prevents key-based authentication, if a public and private keys are not protected well. Uncomment the line
#StrictModes yes
, and change it toStrictModes no
.
So you have configured the SSH authentication on Windows using a public RSA key (certificate). Now you can use this authentication method to safely access remote servers, automatically forward ports in the SSH tunnel, run scripts and do any other automation-related tasks.