OpenSSH : SSH Key-Pair Authentication 2025/04/24 |
Configure SSH Key-Pair Authentication. |
|
[1] | In the default OpenSSH configuration on Windows, the public-key file name for common users is the same as the Linux default (authorized_keys). However, the [serverworlds] group is configured with a different file name, so take care when configuring it. |
PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# for common users, it's [authorized_keys]
PS C:\Users\serverworld> Get-Content C:\ProgramData\ssh\sshd_config | Select-String -Pattern "^AuthorizedKeysFile"

AuthorizedKeysFile .ssh/authorized_keys

# for [serverworlds] group, it's [serverworlds_authorized_keys]
PS C:\Users\serverworld> Get-Content C:\ProgramData\ssh\sshd_config -Tail 3
Match Group serverworlds
       AuthorizedKeysFile __PROGRAMDATA__/ssh/serverworlds_authorized_keys
|
[2] | Log on as the user for whom you'd like to set up an SSH key pair, and run PowerShell to configure it. |
PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# create key-pair
PS C:\Users\serverworld> ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\Serverworld/.ssh/id_ed25519):   # press Enter, or type a different path if you want
Created directory 'C:\\Users\\Serverworld/.ssh'.
Enter passphrase (empty for no passphrase):   # set a passphrase (press Enter with empty input for no passphrase)
Enter same passphrase again:
Your identification has been saved in C:\Users\Serverworld/.ssh/id_ed25519
Your public key has been saved in C:\Users\Serverworld/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:4sZ63SkfIcIC03O7Nv8c2jNx6rhN04wrSidvQ5jnaNQ serverworld@RX-0
The key's randomart image is:

PS C:\Users\serverworld> cd .ssh
PS C:\Users\serverworld\.ssh> ls

    Directory: C:\Users\serverworld\.ssh

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         4/24/2025   6:35 PM            464 id_ed25519
-a----         4/24/2025   6:35 PM             99 id_ed25519.pub

# rename public-key
PS C:\Users\serverworld\.ssh> mv id_ed25519.pub authorized_keys
PS C:\Users\serverworld\.ssh> ls

    Directory: C:\Users\serverworld\.ssh

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         4/24/2025   6:35 PM             99 authorized_keys
-a----         4/24/2025   6:35 PM            464 id_ed25519
|
[3] | Transfer the private key created on the Server to a Client; it is then possible to log in with Key-Pair authentication. |
PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# create [.ssh] folder if it does not exist
PS C:\Users\serverworld> mkdir .ssh
PS C:\Users\serverworld> cd .ssh

# transfer the private key to the local ssh directory
PS C:\Users\serverworld\.ssh> scp Serverworld@10.0.0.101:'C:\Users\serverworld\.ssh\id_ed25519' ./
The authenticity of host '10.0.0.101 (10.0.0.101)' can't be established.
ED25519 key fingerprint is SHA256:cPH/QhY3fA+xz3z1guTIwl2emYhlzsTXNGzdS2nh5wQ.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.0.101' (ED25519) to the list of known hosts.
Serverworld@10.0.0.101's password:
id_ed25519

PS C:\Users\serverworld\.ssh> ls

    Directory: C:\Users\serverworld\.ssh

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----         4/24/2025   4:37 AM            464 id_ed25519
-a----         4/24/2025   4:26 AM            831 known_hosts
-a----         4/24/2025   4:26 AM             93 known_hosts.old

# verify access
PS C:\Users\serverworld\.ssh> ssh Serverworld@10.0.0.101 hostname
Enter passphrase for key 'C:\Users\serverworld/.ssh/id_ed25519':   # enter the passphrase if you set one
RX-7   # authenticated
|
[4] | If you set [PasswordAuthentication no], it's more secure. |
PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

# change to [PasswordAuthentication no]
PS C:\Users\serverworld> (Get-Content C:\ProgramData\ssh\sshd_config).Replace("#PasswordAuthentication yes","PasswordAuthentication no") | Set-Content C:\ProgramData\ssh\sshd_config
PS C:\Users\serverworld> echo 'KbdInteractiveAuthentication no' | Add-Content C:\ProgramData\ssh\sshd_config -Encoding UTF8
PS C:\Users\serverworld> Restart-Service -Name "sshd"
|
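The sshd_config shown in [1] ends with a Match Group block, and a Match block runs until the next Match line or the end of the file, so a keyword appended to the end of the file as in [4] is read as part of that block. The following PowerShell is an added example, not part of the original page: it parses a constructed sample config and reports the scope of each authentication keyword. The function name Get-SshdKeywordScope and the sample text are assumptions.

```powershell
# Constructed sample: an sshd_config as it would look after step [4]
# (not copied from a real host).
$sample = @'
PasswordAuthentication no
AuthorizedKeysFile .ssh/authorized_keys

Match Group serverworlds
       AuthorizedKeysFile __PROGRAMDATA__/ssh/serverworlds_authorized_keys
KbdInteractiveAuthentication no
'@

# Get-SshdKeywordScope is a hypothetical helper name, not part of OpenSSH.
function Get-SshdKeywordScope {
    param(
        [string[]]$Line,
        [string[]]$Keyword = @('PasswordAuthentication',
                               'KbdInteractiveAuthentication',
                               'AuthorizedKeysFile')
    )
    $scope = 'global'
    $n = 0
    foreach ($raw in $Line) {
        $n++
        $text = $raw.Trim()
        if ($text -eq '' -or $text.StartsWith('#')) { continue }  # blank line or comment
        # sshd_config lines are "Keyword arguments"; keywords are case-insensitive.
        $name, $value = $text -split '[\s=]+', 2
        if ($name -ieq 'Match') {
            # A Match block runs to the next Match line or end of file;
            # indentation does not end it.
            $scope = "Match $value"
            continue
        }
        if ($Keyword -contains $name) {
            [pscustomobject]@{ Line = $n; Scope = $scope; Keyword = $name; Value = $value }
        }
    }
}

$result = Get-SshdKeywordScope -Line ($sample -split '\r?\n')
$result | Format-Table -AutoSize

# Flag authentication keywords that only take effect inside a Match block.
$result | Where-Object { $_.Scope -ne 'global' -and $_.Keyword -ne 'AuthorizedKeysFile' } |
    ForEach-Object { Write-Warning "$($_.Keyword) on line $($_.Line) applies only to [$($_.Scope)]" }

# To audit a real host, pass the live file instead of the sample:
# Get-SshdKeywordScope -Line (Get-Content C:\ProgramData\ssh\sshd_config)
```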