How to generate SSH keys from Windows to Linux using the default command line

What's the goal?

We want to SSH from our Windows machine to our Linux machine, without using a password, but over a secured connection.

On Windows

Preparation

Create a folder where we will store our SSH keys. Create a folder .ssh in your home directory.

C:\Users\Kenji\.ssh

Generate the SSH keys

To generate our SSH keys simple use the following command in your command prompt. If you don't know how to open your command prompt, press your windows key or go to start and type in cmd.

ssh-keygen

Specify the path with the name of choice of the SSH key. We'll call it linux-server.

Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Kenji/.ssh/id_rsa): C:\Users\Kenji\.ssh\linux-server

You can choose a passphrase, but in this example we won't simply so we don't have to fill in a password every time we want to SSH our Linux server. To do this, press enter twice.

Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\Kenji/.ssh/linux-server.
Your public key has been saved in C:\Users\Kenji/.ssh/linux-server.pub.
The key fingerprint is:
SHA256:0681BrOJgYUfnWyOlqPu058mhyCFl00VLWXQp44Z1y0 [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|         .+*o    |
|       ..o.oo .  |
|     ..+o =. + . |
|    . ++.B. o E .|
|     o. S =*   . |
|    . .o =o*.    |
|     ..o..o =    |
|     .. + o= .   |
|     .o. =+      |
+----[SHA256]-----+

Your SSH keys have now been generated.

Config setup

We're going to create a config file so we don't have to specify the path to our private key in our SSH command every time we SSH into our Linux server. Go to the directory where we saved the SSH keys.

C:\Users\Kenji\.ssh

Now create a file called config, make sure it has no extension.

C:\Users\Kenji\.ssh\config

Open it with a text editor and paste this:

Host 192.168.0.X
  IdentityFile C:\Users\Kenji\.ssh\linux-server

Change the X to the local ip of your Linux server or use your host name instead. IdentityFile will point to our private key.

Permissions

If we try to SSH later we might run into problems and get a permissions error like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions for 'C:\\Users\\Kenji\\.ssh\\linux-server' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "C:\\Users\\Kenji\\.ssh\\linux-server": bad permissions

To prevent this error simply right click on the private key in your file explorer, click on Properties. Go to Security and click Advanced.

C:\Users\Kenji\.ssh\ubuntu-server

Select Everyone and click Remove. Click Apply and then OK.

Copy the key

Go back to the folder where we saved our keys.

C:\Users\Kenji\.ssh

Open linux-server.pub with a text editor. Copy the contents of the file to the clipboard.

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1lsubXhpWwJhrpwg6Jqmnzz7O0nNnXiqdDTPohSEwHqG200ZYGkEvn8Ye7GKWtaQQLHulbmRSQmF4t2Dg/2CqUq4iYXu7J+jBr8vpH8ElF3ENbPU9NDRutREjOMSO/f64TMZ1VXLZ32VHvz//cxyfCUxRVXB5rX5FdvTIkggatHhPi7OVc+k28NKJ2CavNn5cfApVSESJhzUWwwIBEM1bv6sgz2/+vGkAmwvxdVUl/PkozRWrfg/k9VuQoT+UT0AqeIUhnmyfzZJAF+wKJofFsI15RLKjqGLY7S54TUkNgrBlP4nRBt0oWZqMF6BdGPjcZFYaosmD2R0dLwk9wRXL [email protected]

Normal SSH

Now SSH into our Linux server by using the default method with a password. And change the X with your Linux local ip address or use your hostname instead of the ip address.

ssh [email protected]

On Linux

Copy the key over

Create a folder in your home directory called .ssh .

mkdir /home/ubuntu/.ssh

Now create a file called authorized_keys.

nano /home/ubuntu/.ssh/authorized_keys

Now paste the key we have in our clipboard to this file. Save and exit.

Change Ownership

We need to make sure that no one can access our authorized_keys, otherwise we might run into security issues. You might not be able to SSH if the permissions aren't set right.

sudo chmod 700 /home/ubuntu/.ssh && \
sudo chmod 644 /home/ubuntu/.ssh/authorized_keys

Enable SSH with keys

We need to enable the public key authentication on our Linux server. We also need to make sure it points to our directory we created. To do this edit the SSHd config.

sudo nano /etc/ssh/sshd_config

Find the following line and uncomment it so it looks like this:

PubkeyAuthentication yes

Then find the following line and uncomment it to point it to the authorized_keys file we created earlier. Specify the right path, then save and exit.

AuthorizedKeysFile      /home/ubuntu/.ssh/authorized_keys

Now restart the SSH service.

service sshd restart

Back to Windows

Now SSH into your Linux server.

ssh [email protected]

Change the X with the ip of your Linux Server or use your host name. You should now finally be logged in without having to enter a password.