Setting Up Windows SSH Server With Public Key Authentication

In this guide, we will walk you through the steps to set up an SSH server on a Windows system and configure it to use public key authentication instead of a password. This enhances security by eliminating the need for password-based access and relying on cryptographic keys for authentication.

Prerequisites

Before you start, ensure you have the following:

  1. A Windows machine with the SSH server (sshd) installed.
  2. An SSH client from which you will connect to the Windows server.

Steps to Set Up SSH Server With Public Key Authentication

1. Generate SSH Key Pair on the Client

If you haven’t already, generate an SSH key pair on your client machine. You can use the ssh-keygen command to do this. Replace your_email@example.com with your email address.

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This will generate a public key (id_rsa.pub) and a private key (id_rsa) in your ~/.ssh directory.

2. Copy the Public Key to the Server

Now, you need to copy the public key from your client machine to the Windows SSH server. You can use ssh-copy-id if available, or manually add the public key to the authorized_keys file on the server.

# Using ssh-copy-id (if available)
ssh-copy-id username@your_server_ip

Alternatively, manually add the public key to ~/.ssh/authorized_keys on the Windows server. You can use any text editor to do this, such as Notepad.

# On the server
C:\Users\<username>\.ssh\authorized_keys

Paste your public key (id_rsa.pub) content into the authorized_keys file.

3. Configure SSH Server

Edit the SSH server configuration file located at C:\ProgramData\ssh\sshd_config. You can use a text editor like Notepad to make the changes.

# Open C:\ProgramData\ssh\sshd_config

# Comment out the following lines if they exist
#Match Group administrators
# AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

# Ensure the following lines are configured as follows
PubkeyAuthentication yes
PasswordAuthentication no

Make sure you uncomment (remove the # at the beginning of) the PubkeyAuthentication and PasswordAuthentication lines as shown above. This enforces public key authentication and disables password-based authentication.

4. Restart the SSH Service

To apply the changes, restart the SSH service. You can do this via PowerShell:

Restart-Service sshd
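
One way to check the step 3 edits to sshd_config, ideally before the restart in step 4 so that a half-finished edit is caught early. This is an added example, not part of the original guide or of OpenSSH itself; the function names Get-SshdSetting and Test-SshdKeyOnly are hypothetical and the sample configuration is constructed.

```powershell
# Added example. Function names are hypothetical; $sample is constructed.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line apply only to that match.
function Get-SshdSetting {
    param([string[]]$Lines)
    $settings = @{}
    $matchBlocks = @()
    $inMatch = $false
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -eq '' -or $line.StartsWith('#')) { continue }  # blank or commented out
        $keyword, $value = $line -split '\s+', 2
        if ($keyword -ieq 'Match') { $inMatch = $true; $matchBlocks += $value; continue }
        if ($inMatch) { continue }                                 # conditional, not global
        $key = $keyword.ToLower()
        if (-not $settings.ContainsKey($key)) { $settings[$key] = $value }  # first value wins
    }
    [pscustomobject]@{ Settings = $settings; MatchBlocks = $matchBlocks }
}

function Test-SshdKeyOnly {
    param([string[]]$Lines)
    $cfg = Get-SshdSetting -Lines $Lines
    # Both keywords default to "yes" when absent or commented out.
    if ($cfg.Settings['passwordauthentication'] -ne 'no') {
        'PasswordAuthentication is not "no" globally: password logins are still accepted'
    }
    if ($cfg.Settings['pubkeyauthentication'] -eq 'no') {
        'PubkeyAuthentication is "no": key logins are refused'
    }
    foreach ($m in $cfg.MatchBlocks) {
        if ($m -match '^Group\s+administrators\b') {
            'Match Group administrators is active: settings in that block override the global ones for admin accounts'
        }
    }
}

# Constructed sample: step 3 not yet applied (directives still commented out).
$sample = @'
#PubkeyAuthentication yes
#PasswordAuthentication yes
Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
'@ -split '\r?\n'

Test-SshdKeyOnly -Lines $sample    # emits two findings: password auth, Match block
# Real file: Test-SshdKeyOnly -Lines (Get-Content C:\ProgramData\ssh\sshd_config)
```

No output means the file matches what step 3 asks for.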

Conclusion

You have successfully set up your Windows SSH server to use public key authentication instead of passwords, which improves the security of your SSH access. Now, you can log in to your Windows server using your private key from the SSH client. Remember to keep your private key secure, and never share it with anyone.
