
Creating SSH Key-based Authentication for a Linux Server (with Windows)

Apr 26, 2025

Generating an SSH Key

Firstly, open a Windows PowerShell terminal.

Change into your .ssh folder, or whichever folder you prefer, and run ssh-keygen.

PS C:\Users\jun> cd .ssh
PS C:\Users\jun\.ssh> ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\jun/.ssh/id_ed25519): mainsever
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in mainsever
Your public key has been saved in mainsever.pub
The key fingerprint is:
SHA256:NKXXXXXXXXXXXXXXZznMIY+ugXXXXJT/Yxpgxxxxxxxo jun@Jun
The key's randomart image is:
+--[ED25519 256]--+
| =*ooo..o.       |
|o==Bo ooo.       |
|=.+..o.+o+.      |
|oo .  ++ . .     |
|+.. . ..S  .     |
|=+ o =  =.       |
|*.. * + .   +    |
| o.= o .   .     |
| .o E . . .      |
+----[SHA256]-----+
  • You can accept the default name id_ed25519 by just pressing the Enter key. However, if you already have an id_ed25519 file, consider entering a different filename so that the existing key is not overwritten.
  • You can skip the passphrase by pressing the Enter key. However, it is more secure to enter one.

The key will be saved in the .ssh folder, or in whichever directory you specified.

 

Copy SSH Key to Remote Linux Device

type $env:USERPROFILE\.ssh\{name}.pub | ssh {username}@{IP-ADDRESS-OR-FQDN} "cat >> .ssh/authorized_keys"
  • {name} is the name you gave your key; in this example it is mainsever, as entered at the ssh-keygen prompt above. If you did not give one, the default name is id_ed25519.

 

Add into SSH Key Agent

ssh-add $env:USERPROFILE\.ssh\{name}
  • {name} is the name you gave your key; in this example it is mainsever, as entered at the ssh-keygen prompt above. If you did not give one, the default name is id_ed25519.

See Issues & Mitigations if you have trouble adding the key with ssh-add.

 

Remove Password Authentication from Linux Server

Inside your Linux Server terminal, run the following command to edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Find PasswordAuthentication and change its value from “yes” to “no”. If the line is commented out with a leading #, remove the #.

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no

Exit by pressing Ctrl + X. Enter Y to save the changes, then press the Enter key.

Then restart the ssh/sshd service using:

sudo systemctl restart ssh

Now try to SSH into your Linux server!

Important: Do NOT lose your keys! Always back them up somewhere safe and secure too.

 

Issues & Mitigations

PowerShell: “unable to start ssh-agent service, error :1058 when running ssh-agent”

Ensure OpenSSH is installed:

  • Open PowerShell as an Administrator.

  • Run the following command to check if OpenSSH is installed:

    Get-WindowsCapability -Online | Where-Object {$_.Name -like 'OpenSSH.Client*'}
    
    • If not installed, run the following command:

      Add-WindowsCapability -Online -Name OpenSSH.Client
      
  • Press Win + R, type services.msc, and press Enter to open the Services window.

  • Look for OpenSSH Authentication Agent in the list of services.

  • If the service is disabled or stopped, right-click on it and select Properties.

  • Set the Startup type to Automatic.

  • Click Start to start the service if it’s stopped.

  • Click OK to save the changes.

(VPS) Server Still Requesting for Password

Despite disabling PasswordAuthentication in /etc/ssh/sshd_config, the server still asks for a password.

  • Check the directory /etc/ssh/sshd_config.d:

    ls /etc/ssh/sshd_config.d
    
    • If you see the following:

      50-cloud-init.conf  60-cloudimg-settings.conf
      

      Create a new file called 0-custom.conf:

      sudo nano /etc/ssh/sshd_config.d/0-custom.conf
      

      Then add the following into it:

      PasswordAuthentication no
      

      Then restart the SSH service:

      sudo systemctl restart ssh
      

Note: If you see ChallengeResponseAuthentication or KbdInteractiveAuthentication set to “yes” in one of the “cloud config” files, set both of them to “no” in 0-custom.conf and restart the SSH service.
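Why 0-custom.conf takes effect when the edit to /etc/ssh/sshd_config did not: sshd keeps the first value it reads for each keyword, and the drop-in files pulled in by Include are read in lexical order. The script below is an added example, not part of the original post; it emulates that rule over constructed sample files, assuming the Include line sits at the top of sshd_config and that 50-cloud-init.conf sets PasswordAuthentication yes (effective_value and make_sample are hypothetical helper names).

```shell
#!/bin/sh
# Added example. Emulates how sshd picks a value: the first occurrence of a
# keyword wins, and Include globs are read in lexical order.
# Assumptions: the Include line sits at the top of sshd_config (so drop-ins are
# read before the rest of the main file); Match blocks and "Key=value" syntax
# are not handled.

# effective_value KEYWORD MAIN_CONFIG DROPIN_DIR -> prints "value file"
effective_value() {
    keyword=$1 main=$2 dropin_dir=$3
    for f in "$dropin_dir"/*.conf "$main"; do
        [ -f "$f" ] || continue
        # Keywords are case-insensitive; commented lines never match because
        # their first field starts with '#'.
        val=$(awk -v k="$keyword" 'tolower($1) == tolower(k) { print $2; exit }' "$f")
        if [ -n "$val" ]; then
            echo "$val ${f##*/}"
            return 0
        fi
    done
    return 1
}

# make_sample DIR: constructed files mimicking a cloud image (not real output)
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        'PasswordAuthentication no' > "$1/sshd_config"
    echo 'PasswordAuthentication yes' > "$1/sshd_config.d/50-cloud-init.conf"
    echo 'PasswordAuthentication no' > "$1/sshd_config.d/60-cloudimg-settings.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
# The edit in the main file is shadowed by 50-cloud-init.conf:
before=$(effective_value PasswordAuthentication "$demo/sshd_config" "$demo/sshd_config.d")
# 0-custom.conf sorts first, so its value is the one sshd keeps:
echo 'PasswordAuthentication no' > "$demo/sshd_config.d/0-custom.conf"
after=$(effective_value PasswordAuthentication "$demo/sshd_config" "$demo/sshd_config.d")
echo "before: $before"
echo "after:  $after"
rm -rf "$demo"
```

On the real server, sudo sshd -T | grep -i passwordauthentication prints the value sshd actually uses, and sudo sshd -t checks the configuration for syntax errors before you restart the service.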

 

With references from:

- https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

- https://chrisjhart.com/Windows-10-ssh-copy-id/

I was setting up my VPS and would like to document how I set it up for my future reference. I thought I might as well share it online for other people to reference or possibly help check if there are any misconfigurations. Please pardon me if there are any mistakes 🙏.

Feel free to drop me an inbox if there are any misconfigurations or queries!

[Aug 18, 2025] Updated content for more clarity.
