SSH Public Key Authentication Client Setup (Windows/Linux)

Overview

This article explains how to configure SSH public key authentication on the client side for secure server access. The instructions apply to both Windows and Linux environments.

Prerequisites

  • An SSH client is installed (preinstalled on Windows 10 or later and on Linux by default)
  • The target server allows public key authentication
  • The user account exists on the server

Key Types and Encryption Methods

SSH supports several key types, such as RSA, ECDSA, and Ed25519. The following table compares their characteristics, recommended use cases, and compatibility.

| Key Type | Features | Recommended Use | Compatibility |
|----------|----------|-----------------|---------------|
| RSA | Widely used, adjustable key length, high versatility | Legacy systems or high-compatibility environments | Very High |
| ECDSA | Uses elliptic curve cryptography, faster with shorter keys | Performance-oriented environments | Moderate |
| Ed25519 | Modern standard, fast, highly secure, small key size | New deployments, security-critical systems | Supported on OpenSSH 6.5+ |

Recommendation: Ed25519 is the preferred standard. It provides better security and performance, while RSA remains widely used for compatibility.

Variable Conventions

The following variables are used in examples. Replace them with your actual environment values.

| Variable | Example | Description |
|----------|---------|-------------|
| <<USERNAME>> | exampleuser | Your local login username |
| <<SERVER>> | 192.168.1.10 | Target host or IP address |
| <<USER>> | ubuntu or ec2-user | SSH username on the server |
| <<EMAIL_ADDRESS>> | user@example.com | Optional comment for key identification |

Note for Windows Users
The Windows commands in this article assume PowerShell.
If using Command Prompt, replace $env:USERPROFILE with %USERPROFILE%.

Windows Client Setup

Step 1: Generate SSH Key Pair

Open PowerShell as Administrator and run:

ssh-keygen -t ed25519 -C "<<EMAIL_ADDRESS>>"

Example output:

Generating public/private ed25519 key pair.
Enter file in which to save the key (/C:/Users/<<USERNAME>>/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):

With the default path, the key pair is saved as:

  • Public Key: $env:USERPROFILE\.ssh\id_ed25519.pub
  • Private Key: $env:USERPROFILE\.ssh\id_ed25519

Step 2: Copy Public Key to Server

cat $env:USERPROFILE\.ssh\id_ed25519.pub | ssh <<USER>>@<<SERVER>> "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Alternatively, manually paste the contents of the .pub file into the server’s ~/.ssh/authorized_keys.

Step 3: Verify Connection

ssh -i $env:USERPROFILE\.ssh\id_ed25519 <<USER>>@<<SERVER>>

Linux Client Setup

Step 1: Generate SSH Key Pair

ssh-keygen -t ed25519 -C "<<EMAIL_ADDRESS>>"

With the default path, the key pair is saved as:

  • Public Key: ~/.ssh/id_ed25519.pub
  • Private Key: ~/.ssh/id_ed25519

Step 2: Register Public Key on Server

Use ssh-copy-id for automated setup:

ssh-copy-id -i ~/.ssh/id_ed25519.pub <<USER>>@<<SERVER>>

Or manually append the public key to ~/.ssh/authorized_keys.

Step 3: Verify Connection

ssh -i ~/.ssh/id_ed25519 <<USER>>@<<SERVER>>

Using Passphrase-Protected Keys

If you generated a key with a passphrase, configure an SSH agent to avoid entering it every time.
The agent securely stores private keys in memory and automatically signs authentication requests.

Step 1: Start SSH Agent

Windows:

Set-Service -Name ssh-agent -StartupType Manual
Start-Service ssh-agent

Linux:

eval "$(ssh-agent -s)"

Auto-Start Configuration

Windows:

Set-Service -Name ssh-agent -StartupType Automatic

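Linux:
Add the following to ~/.bashrc or ~/.profile. The check keeps each new shell from starting another agent when one is already available:

[ -n "$SSH_AUTH_SOCK" ] || eval "$(ssh-agent -s)" > /dev/null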

Step 2: Add Key to Agent

Windows:

ssh-add $env:USERPROFILE\.ssh\id_ed25519

Linux:

ssh-add ~/.ssh/id_ed25519

Step 3: Verify Registration

ssh-add -l

You should see the fingerprint of your registered key.


SSH Config File for Simplified Access

Avoid retyping the same connection options by creating an SSH config file.

Path:

  • Linux: ~/.ssh/config
  • Windows: C:\Users\<<USERNAME>>\.ssh\config

Example Configuration

Host myserver
    HostName <<SERVER>>
    User <<USER>>
    IdentityFile ~/.ssh/id_ed25519
    Port 22

Then simply connect using:

ssh myserver

For multiple servers:

Host web
    HostName 192.168.1.10
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519

Host db
    HostName 192.168.1.11
    User ec2-user
    IdentityFile ~/.ssh/id_ed25519

Tip: Use separate key pairs per host for higher security.


Verification and Debugging

To verify or troubleshoot connections:

ssh -vvv -i ~/.ssh/id_ed25519 <<USER>>@<<SERVER>>

Look for:

debug1: Authentication succeeded (publickey)
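
When that line is absent, the same debug output usually shows which step failed. The following is an added example, not part of the original article: a shell function that reads `ssh -v` output on stdin and prints a verdict. The function names, verdict labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): triage `ssh -v` output from stdin.
# Verdicts: ok | unreachable | server-disallows-publickey | no-key-offered |
#           key-rejected | unknown

# Constructed sample: the key is offered but the server never accepts it.
sample_rejected_log() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /home/exampleuser/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
EOF
}

# log_has REGEX -> true if any captured line matches the extended regex
log_has() { printf '%s\n' "$log" | grep -Eq -- "$1"; }

classify_ssh_debug() {
    log=$(cat)
    # Second alternative is the wording newer OpenSSH clients print.
    if log_has 'Authentication succeeded \(publickey\)|Authenticated to .* using "publickey"'; then
        echo ok; return 0
    fi
    if log_has 'Could not resolve hostname|Connection refused|Connection timed out'; then
        echo unreachable; return 1            # wrong host or port
    fi
    # The first such line lists the methods the server still permits.
    methods=$(printf '%s\n' "$log" |
        sed -n 's/.*Authentications that can continue: //p' | head -n 1)
    case ",$methods," in
        ,,) echo unknown; return 1 ;;
        *,publickey,*) ;;
        *) echo server-disallows-publickey; return 1 ;;  # PubkeyAuthentication off
    esac
    if ! log_has 'Offering public key'; then
        echo no-key-offered; return 1         # client had no key to send (check -i path)
    fi
    echo key-rejected; return 1               # key not in this user's authorized_keys
}
```

Typical use: `ssh -v -i ~/.ssh/id_ed25519 <<USER>>@<<SERVER>> true 2>&1 | classify_ssh_debug`.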

Troubleshooting

Common failure causes:

  1. Server doesn’t allow public key authentication
    → Check that PubkeyAuthentication yes is set in /etc/ssh/sshd_config on the server.

  2. Incorrect or missing authorized_keys entry
    → Ensure the public key is properly copied to the correct user’s .ssh directory.

  3. Wrong username or host
    → Verify connection parameters and permissions.
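
For the permissions part of these checks on Linux, the following added example (not from the original article; function names are hypothetical) audits an SSH directory. It relies on two OpenSSH behaviours: with StrictModes enabled, sshd ignores authorized_keys when the file or the .ssh directory is writable by group or others, and the ssh client refuses a private key that group or others can access at all.

```shell
#!/bin/sh
# Added example: flag SSH files whose permissions OpenSSH will refuse.

# mode_of PATH -> 10-character mode string from ls, e.g. "-rw-------"
mode_of() { ls -ld -- "$1" | cut -c1-10; }

# True if group or other holds the write bit (rejected by sshd StrictModes).
group_or_other_writable() {
    case "$(mode_of "$1")" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# True if group or other holds any bit (rejected by the client on a private key).
group_or_other_any() {
    case "$(mode_of "$1")" in
        ????------) return 1 ;;
        *) return 0 ;;
    esac
}

# audit_ssh_dir DIR: prints one finding per line; exit status 0 only when clean.
audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    if group_or_other_writable "$dir"; then
        echo "WRITABLE $dir (fix: chmod 700)"; findings=$((findings + 1))
    fi
    if [ -f "$dir/authorized_keys" ] &&
       group_or_other_writable "$dir/authorized_keys"; then
        echo "WRITABLE $dir/authorized_keys (fix: chmod 600)"
        findings=$((findings + 1))
    fi
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case "$key" in *.pub) continue ;; esac   # public keys may be world-readable
        if group_or_other_any "$key"; then
            echo "EXPOSED $key (fix: chmod 600)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run `audit_ssh_dir ~/.ssh` on the client to check private keys and on the server account to check authorized_keys.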


Conclusion

SSH public key authentication enables secure, passwordless server access.
Both Windows and Linux support easy setup via ssh-keygen.
Proper key management and permissions are essential for a reliable configuration.