How to Set Up SSH Key Authentication in Windows 11
SSH key authentication is a secure way to log into computers without typing passwords. This guide explains how to set it up on Windows 11 in simple steps.
Why Use SSH Key Authentication?
SSH keys are more secure than passwords. They use complex codes that are very hard to crack. You won’t need to remember or type passwords every time you connect to a server. This saves time and keeps your accounts safer.
What You Need Before Starting
Windows 11 comes with OpenSSH already built in. You don’t need to install anything extra. You just need to use it. Windows Terminal or PowerShell will be your main tools.
Why does this matter? Built-in OpenSSH means you can get started right away without downloading software.
How to Create SSH Keys in Windows 11
Creating SSH keys is the first step. You will make two keys: a public key and a private key. The public key goes on servers. The private key stays on your computer only.
Step 1: Open Windows Terminal
Click the Windows Start button. Type “Windows Terminal” and open it.
Why? Windows Terminal is safer and easier to use than the old Command Prompt.
Step 2: Generate Your SSH Key Pair
Copy and paste this command into Windows Terminal:
ssh-keygen -t ed25519 -C "your-email@example.com"
Then press Enter.
What happens? The command creates a new SSH key using the Ed25519 algorithm. This is the newest and safest method. GitHub and other services recommend it.
If your computer is older, you can use this command instead:
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"
This creates a 4096-bit RSA key, which is also secure.
Step 3: Choose Where to Save Your Key
The command will ask: “Enter a file in which to save the key”
Just press Enter to accept the default location.
What happens? Your keys will be saved in C:\Users\YourUsername\.ssh
Replace YourUsername with your actual Windows account name.
Step 4: Add a Passphrase (Optional but Recommended)
The command will ask: “Enter passphrase (empty for no passphrase)”
You can type a strong password here or leave it blank and press Enter.
Why add a passphrase? If someone gets your private key file, they still can’t use it without the passphrase. This adds extra protection.
What happens? If you add a passphrase, you’ll type it each time you use the key.
Step 5: Confirm Key Generation
You’ll see a message showing your key was created. You should see something like this:
Your identification has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
The key fingerprint is: SHA256:xxxxxxxxxxxxxxxxxxxxx
What does this mean? Your key pair is ready to use.
Understanding Your SSH Folder Structure
Your SSH keys live in the .ssh folder. Here’s what’s inside:
Folder location: C:\Users\YourUsername\.ssh
Files inside:
- id_ed25519 – Your private key (keep this secret)
- id_ed25519.pub – Your public key (share this)
- authorized_keys – Keys allowed to log in (created later)
- config – Settings for SSH connections (optional)
Why the odd folder name? The dot (.) makes the folder hidden on Windows. This keeps your keys out of sight.

File Permissions: Keep Your Keys Safe
On Windows 11, SSH checks that only you can read your private key. The proper permissions are:
- Private key (id_ed25519) should be readable only by you (equivalent to 600)
- Public key (id_ed25519.pub) can be readable by anyone (equivalent to 644)
- The .ssh folder itself should be accessible only by you (equivalent to 700)
What happens if permissions are wrong? SSH will refuse to use your key for security reasons.
On Windows, OpenSSH automatically sets correct permissions. You usually don’t need to change anything.
How to Generate Multiple SSH Keys for Different Services
You might need separate keys for GitHub, work servers, and personal servers. This is safer because each key can only access one service.
Creating a Second SSH Key
Open Windows Terminal and run:
ssh-keygen -t ed25519 -C "work-email@company.com" -f "C:\Users\YourUsername\.ssh\id_ed25519_work"
Replace:
- work-email@company.com with your work email
- YourUsername with your Windows account name
- id_ed25519_work with a name for this key
What happens? A new key pair is created with a different name. You can now have multiple keys for different purposes.
Telling SSH Which Key to Use
Create or edit a file called config in your .ssh folder. Open Notepad and create a new file. Add this:
Host github.com
    HostName github.com
    User git
    IdentityFile C:\Users\YourUsername\.ssh\id_ed25519

Host work-server
    HostName work.example.com
    User workuser
    IdentityFile C:\Users\YourUsername\.ssh\id_ed25519_work
Replace the paths and hostnames with your actual information.
Save this as config (no file extension) in your .ssh folder.
Why is this helpful? SSH will automatically use the right key for each server.
Adding Your Key to the SSH Agent
The SSH Agent remembers your keys so you don’t type your passphrase repeatedly.
Step 1: Start the SSH Agent
Open Windows Terminal as Administrator (right-click and select “Run as Administrator”).
⚠️ Requires Admin Privileges
Type this command:
Set-Service -Name ssh-agent -StartupType Automatic
Then press Enter.
Next, start the service:
Start-Service ssh-agent
What happens? The SSH Agent service starts and will remember your keys.
Step 2: Add Your Key to the Agent
In the same Terminal window, run:
ssh-add C:\Users\YourUsername\.ssh\id_ed25519
Replace YourUsername with your actual Windows account name.
If you set a passphrase, type it when asked.
What happens? Your key is loaded into the agent. You won’t need to type your passphrase again for this session.
Copying Your Public Key to a Server
Your public key needs to be on the SSH server. This is what lets the server recognize you.
Method 1: Using PowerShell (Easiest)
Open Windows Terminal and run:
type $env:USERPROFILE\.ssh\id_ed25519.pub | ssh user@192.168.1.100 "cat >> ~/.ssh/authorized_keys"
Replace:
- user with your username on the remote server
- 192.168.1.100 with the server’s IP address
Type your password when prompted.
What happens? Your public key is copied to the server and added to the authorized_keys file. The server will now accept your key.
Method 2: Manual Copy (If Method 1 Doesn’t Work)
First, view your public key:
type $env:USERPROFILE\.ssh\id_ed25519.pub
Copy the entire output (it looks like a long jumbled line).
Then, log into your server with SSH and password:
ssh user@192.168.1.100
On the server, create the SSH folder if it doesn’t exist:
mkdir -p ~/.ssh
Create the authorized_keys file and paste your public key:
echo "YOUR_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys
Replace YOUR_PUBLIC_KEY_HERE with what you copied earlier.
Set correct permissions:
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
Why these commands? They make sure only you can read your authorized_keys file.
Understanding the authorized_keys File
The authorized_keys file on the server contains public keys that are allowed to log in. Each key is one long line.
Location on server: ~/.ssh/authorized_keys (usually in your home folder)
File format: Each public key takes up one line and starts with “ssh-ed25519” or “ssh-rsa”
Why is this important? Only keys listed in authorized_keys can log in. This is your server’s security control.
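The manual copy in Method 2 and the file format described above, combined into one added example that is not part of the original guide: a POSIX shell function for the server side that accepts only a single-line ssh-ed25519 or ssh-rsa public key, skips a key that is already listed, and sets the 700/600 permissions. The function name add_authorized_key and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): install one public key line
# into authorized_keys without duplicating it or accepting a private key.
# Usage: add_authorized_key "<public key line>" [ssh_dir]   (default ~/.ssh)
add_authorized_key() {
    line=$1
    dir=${2:-$HOME/.ssh}
    nl='
'
    # A public key is exactly one line: "<type> <base64 blob> [comment]".
    case $line in *"$nl"*) echo "rejected: more than one line" >&2; return 1 ;; esac
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa) ;;   # the two key types this guide generates
        *) echo "rejected: '$ktype' is not a public key type" >&2; return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "rejected: key blob is not base64" >&2; return 1 ;;
    esac
    # Create the folder and file with owner-only permissions (700 / 600).
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    file=$dir/authorized_keys
    touch "$file" && chmod 600 "$file" || return 1
    # Compare on the key blob so a changed comment does not add a duplicate.
    if grep -qF -e "$blob" "$file"; then
        echo "already present"
    else
        printf '%s\n' "$line" >> "$file" && echo "added"
    fi
}

# Demo in a throwaway directory with a constructed (non-working) key.
demo_dir=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyMaterialOnly000000000 your-email@example.com'
add_authorized_key "$demo_key" "$demo_dir/.ssh"      # added
add_authorized_key "$demo_key" "$demo_dir/.ssh"      # already present
add_authorized_key '-----BEGIN OPENSSH PRIVATE KEY-----' "$demo_dir/.ssh" || true
rm -rf "$demo_dir"
```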
How to Disable Password Authentication
Once your keys are working, you can turn off password logins for extra security.
⚠️ Warning: Do this only after testing that your SSH key works. Otherwise, you’ll lock yourself out.
Step 1: Log Into Your Server
Connect with SSH:
ssh user@192.168.1.100
If your key is working, you should log in without entering a password.
Step 2: Edit the SSH Configuration File
On the server, open the SSH config file with a text editor:
sudo nano /etc/ssh/sshd_config
⚠️ Requires Admin Privileges on the Remote Server
Type your password if prompted.
Step 3: Find and Change These Lines
Look for these lines in the file (they might have a # at the start):
PasswordAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
Change them to:
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
What does this do? It turns off password login but keeps SSH key login enabled.
Step 4: Save and Restart SSH
Press Ctrl+X, then Y, then Enter to save in Nano.
Restart the SSH service:
sudo systemctl restart ssh
⚠️ Requires Admin Privileges on the Remote Server
What happens? SSH will now only accept key-based login, not passwords.
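A check worth running before the restart in Step 4, written here as an added example that is not part of the original guide: sshd keeps the first value it reads for each keyword, so a file pulled in by an Include line ahead of your edit can leave password login enabled. The function names, the file name 10-dropin.conf and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). sshd uses the FIRST value it
# reads for each keyword, so pass the files in the order sshd reads them.
# Prints the global value of a keyword in lower case, or "unset".
# Assumption of this example: a Match block runs to the end of its file.
effective_setting() {
    keyword=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    awk -v want="$keyword" '
        FNR == 1               { in_match = 0 }        # new file: back to global scope
        NF == 0 || $1 ~ /^#/   { next }                # blank line or comment
        tolower($1) == "match" { in_match = 1; next }
        in_match               { next }                # conditional, not global
        tolower($1) == want    { print tolower($2); found = 1; exit }
        END                    { if (!found) print "unset" }
    ' "$@"
}

# True only when key login stays enabled and password login is off.
safe_to_restart() {
    [ "$(effective_setting PubkeyAuthentication "$@")" != "no" ] &&
    [ "$(effective_setting PasswordAuthentication "$@")" = "no" ]
}

# Constructed sample files; on a real server the inputs would be
# /etc/ssh/sshd_config plus any files it pulls in with Include.
write_samples() {
    cat > "$1/sshd_config" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
Match User backup
    PasswordAuthentication yes
EOF
    printf 'PasswordAuthentication yes\n' > "$1/10-dropin.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
effective_setting PasswordAuthentication "$tmp/sshd_config"    # no
# A drop-in that sshd reads first wins over the edited main file:
effective_setting PasswordAuthentication "$tmp/10-dropin.conf" "$tmp/sshd_config"   # yes
if safe_to_restart "$tmp/10-dropin.conf" "$tmp/sshd_config"; then
    echo "ok to restart"
else
    echo "password login still enabled or key login disabled: do not restart yet"
fi
rm -rf "$tmp"
```

On the server itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the values sshd will actually use, so both are worth running before the restart.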
Creating an SSH Config File on Windows 11
A config file makes connecting to servers easier by saving settings.
Create Your Config File
Open Notepad. Create a new file with this content:
Host myserver
    HostName 192.168.1.100
    User myusername
    IdentityFile C:\Users\YourUsername\.ssh\id_ed25519
    Port 22

Host github
    HostName github.com
    User git
    IdentityFile C:\Users\YourUsername\.ssh\id_ed25519
Replace:
- myserver with a nickname for this server
- 192.168.1.100 with the server IP
- myusername with your username
- YourUsername with your Windows account
Save this file as config (no .txt) in C:\Users\YourUsername\.ssh
Using Your Config File
Now you can connect by just typing:
ssh myserver
This replaces the long command with the IP address and username.
Why? Config files save time and reduce mistakes.
Troubleshooting SSH Key Authentication Problems
Problem: “Permission Denied (publickey)”
What it means: The server doesn’t recognize your key.
How to fix it:
- Check that your public key is in the server’s ~/.ssh/authorized_keys file
- Make sure file permissions are correct:
chmod 600 ~/.ssh/authorized_keys
- Verify you’re using the right key:
ssh -i C:\Users\YourUsername\.ssh\id_ed25519 user@192.168.1.100
Problem: “No Such File or Directory: .ssh”
What it means: The .ssh folder doesn’t exist yet.
How to fix it:
On Windows, run:
mkdir $env:USERPROFILE\.ssh
On the remote server, run:
mkdir -p ~/.ssh
Problem: “Too Many Authentication Failures”
What it means: You tried too many wrong keys or passwords.
How to fix it:
- Wait a few minutes before trying again
- Specify which key to use:
ssh -i C:\Users\YourUsername\.ssh\id_ed25519 user@192.168.1.100
- Check your SSH config file for errors
Nice one. Thanks. It might be useful to add the -i option for ssh when ssh agent is disabled.
What if Windows is the server itself?