PowerShell is a powerful scripting language that can automate tasks on Windows computers. This guide shows you how to use SSH from PowerShell to log in to a remote Linux server without a password by using a key stored on your Windows 11 computer.
Prerequisites
To use SSH from PowerShell, you will need:
- Windows computer with PowerShell installed
- SSH client installed on the Windows computer (Windows 10 or Windows 11)
- SSH server installed on the Linux computer (Ubuntu or Debian)
Installing SSH client on Windows
The SSH client is not installed by default on Windows. To install it on Windows 10 or Windows 11, open PowerShell as Administrator and run the following command:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Installing SSH server on Linux
To install the SSH server on Ubuntu or Debian, run the following command:
sudo apt install openssh-server
To configure the SSH server, edit the configuration file located at /etc/ssh/sshd_config.
sudo nano /etc/ssh/sshd_config
In the SSH server configuration file, make any desired changes, such as the port number (Port), whether root may log in (PermitRootLogin), and whether password authentication (PasswordAuthentication) and public key authentication (PubkeyAuthentication) are allowed. After you are done making your changes, save the file and then restart the SSH server service.
sudo systemctl restart ssh.service
Connecting to Linux server using a password
After the SSH server has been configured, you can connect your Windows computer to the Linux server using ssh with password authentication.
By default, ssh will use the same user name as your current Windows account. This might not be the same user as on your Linux server. You can specify a different user with the optional parameter -l or with username@remote_computer.
For example, in PowerShell, run one of the following commands:
ssh -l username 192.168.100.101
ssh username@192.168.100.101
You can also use the optional parameter -p to define the SSH port (default is 22).
ssh username@192.168.100.101 -p 22
When you are prompted for a password, enter the password for the user on the Linux server.
If this is the first time you are connecting to the SSH server, ssh will prompt you to verify the server’s fingerprint. Check that the fingerprint shown is the one belonging to your server, then enter “yes” when prompted to confirm.
The authenticity of host '192.168.100.101 (192.168.100.101)' can't be established.
ECDSA key fingerprint is SHA256:.................................
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.100.101' (ECDSA) to the list of known hosts.
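One way to check the fingerprint before answering “yes”, as an added example that is not part of the original guide: read the expected value on the server's own console with ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub, then compare it from PowerShell with the key the server actually offers. The function name Test-SshHostFingerprint and the placeholder fingerprint are assumptions made for this example.

```powershell
# Added example: compare the host key a server offers with a fingerprint
# obtained out-of-band, before trusting it at the ssh prompt.
function Test-SshHostFingerprint {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [string] $ExpectedFingerprint,  # 'SHA256:...'
        [int] $Port = 22,
        [string] $KeyType = 'ecdsa'
    )
    $tmp = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName())
    try {
        # Fetch the public host key the server presents (no login takes place).
        $scan = & ssh-keyscan -p $Port -t $KeyType $HostName 2>$null
        if (-not $scan) { throw "No $KeyType host key received from ${HostName}:$Port" }

        # Write as ASCII: the '>' redirection in Windows PowerShell 5.1
        # produces UTF-16, which ssh-keygen cannot parse.
        Set-Content -Path $tmp -Value $scan -Encoding ascii

        # ssh-keygen -l prints "<bits> SHA256:<hash> <comment> (<TYPE>)" per key.
        $offered = & ssh-keygen -l -f $tmp | ForEach-Object { ($_ -split '\s+')[1] }

        [pscustomobject]@{
            Host     = $HostName
            Offered  = $offered
            Expected = $ExpectedFingerprint
            Match    = ($offered -ccontains $ExpectedFingerprint)  # case-sensitive
        }
    }
    finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

# Placeholder value: paste the fingerprint read on the server console here.
Test-SshHostFingerprint -HostName 192.168.100.101 `
    -ExpectedFingerprint 'SHA256:<fingerprint-from-server-console>'
```

Answer “yes” at the ssh prompt only when Match is True.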
Creating a public key
Instead of using a password, a key pair can be created and stored on your Windows computer for authentication when logging into the SSH server.
To create a key pair, launch PowerShell and run the ssh-keygen command with the -t parameter to specify the type of SSH key, such as the rsa type.
PS C:\Users\myuser> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\myuser/.ssh/id_rsa): [enter]
Created directory 'C:\Users\myuser/.ssh'.
Enter passphrase (empty for no passphrase): [enter password]
Enter same passphrase again: [enter password]
Your identification has been saved in C:\Users\myuser/.ssh/id_rsa.
Your public key has been saved in C:\Users\myuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:SvV[................] myuser@MY-COMPUTER
The key's randomart image is:
+--- [RSA 3072]----+
| [......] |
+----[SHA256]------+
PS C:\Users\myuser>
A new folder named “.ssh” will be created in your user folder. Inside the .ssh folder, two files will be created with the filenames id_rsa and id_rsa.pub.
The “id_rsa” file without any extension is the private key, which you should keep private. We recommend protecting this file with a passphrase when prompted while running the above ssh-keygen command.
The “id_rsa.pub” file is the public key of your key pair. It needs to be installed on the remote server where you want to login using SSH.
Configuring SSH Agent
SSH Agent is a Windows service that runs in the background and keeps your private key loaded once you have unlocked it with its passphrase. This allows you to use the ssh command without having to enter the passphrase every time.
You can check whether the service is already running or not:
PS C:\Users\myuser> Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Stopped ssh-agent OpenSSH Authentication Agent
To enable and start the ssh-agent service, open another PowerShell window (run as Administrator), then enter the following commands:
PS C:\WINDOWS\system32> Get-Service ssh-agent | Set-Service -StartupType Manual
PS C:\WINDOWS\system32> Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Stopped ssh-agent OpenSSH Authentication Agent
PS C:\WINDOWS\system32> Start-Service ssh-agent
PS C:\WINDOWS\system32> Get-Service ssh-agent
Status Name DisplayName
------ ---- -----------
Running ssh-agent OpenSSH Authentication Agent
SSH Agent should now be running.
Back in your first PowerShell window (as your own user, not as Administrator), use ssh-add to load your own private key into SSH Agent:
PS C:\Users\myuser> ssh-add .\.ssh\id_rsa
Enter passphrase for .\.ssh\id_rsa: [enter password]
Identity added: .\.ssh\id_rsa (myuser@MY-COMPUTER)
Installing public key on Linux server
Open your id_rsa.pub file with a text editor such as Notepad. You should see a long line of text representing the public key.
Copy and paste the contents of the file (the long line of text representing the public key) into the file ~/.ssh/authorized_keys located on the remote server.
You should now be able to connect your Windows computer to the Linux server using key pair authentication. You can use the same ssh command from the above section describing how to connect to the Linux server using a password. For example:
ssh username@192.168.100.101 -p 22
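The copy-and-paste step can also be done from PowerShell. The following is an added example, not part of the original guide: it checks that the file really is a single public key, appends it to ~/.ssh/authorized_keys with restrictive permissions, and then confirms that key login works. The function name Install-SshPublicKey is an assumption, and the final check assumes the private key has already been loaded with ssh-add.

```powershell
# Added example: install the public key on the server and verify key login.
function Install-SshPublicKey {
    param(
        [Parameter(Mandatory)] [string] $Target,   # 'username@192.168.100.101'
        [int] $Port = 22,
        [string] $PublicKeyPath = (Join-Path $env:USERPROFILE '.ssh\id_rsa.pub')
    )
    $lines = @(Get-Content -Path $PublicKeyPath | Where-Object { $_.Trim() })

    # A .pub file is one line: "<type> <base64> [comment]". Refuse anything
    # else, in particular a private key file selected by mistake.
    $pattern = '^(ssh|ecdsa|sk)-\S+ [A-Za-z0-9+/]+={0,2}( .*)?$'
    if ($lines.Count -ne 1 -or $lines[0] -notmatch $pattern) {
        throw "$PublicKeyPath does not look like a single OpenSSH public key"
    }

    # Remote side: umask 077 makes a newly created ~/.ssh mode 700 and
    # authorized_keys mode 600; tr strips the CR that PowerShell appends
    # to piped lines; '>>' appends without overwriting existing keys.
    $remote = "umask 077; mkdir -p ~/.ssh && tr -d '\r' >> ~/.ssh/authorized_keys"
    $lines[0] | & ssh -p $Port $Target $remote   # asks for the password once
    if ($LASTEXITCODE -ne 0) { throw "Installing the key on $Target failed" }

    # Verify: password authentication is disabled for this one connection and
    # BatchMode makes ssh fail instead of prompting, so success means the
    # key (served by ssh-agent) was accepted.
    $out = & ssh -p $Port -o BatchMode=yes -o PasswordAuthentication=no `
        $Target 'echo key-login-ok'
    return ($LASTEXITCODE -eq 0 -and $out -eq 'key-login-ok')
}

Install-SshPublicKey -Target 'username@192.168.100.101'
```

If the function returns True, key login works and password authentication can be turned off in /etc/ssh/sshd_config on the server.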