OpenSSH Windows key authentication




















Key pairs refer to the public and private key files that are used by certain authentication protocols. SSH public key authentication uses asymmetric cryptographic algorithms to generate two key files — one "private" and the other "public".

The private key files are the equivalent of a password, and should stay protected under all circumstances. If someone acquires your private key, they can log in as you to any SSH server you have access to. The public key is what is placed on the SSH server, and may be shared without compromising the private key.

When using key authentication with an SSH server, the SSH server and client compare the public key for a user name provided against the private key. If the server-side public key cannot be validated against the client-side private key, authentication fails. Multi-factor authentication may be implemented with key pairs by entering a passphrase when the key pair is generated (see user key generation below). During authentication the user is prompted for the passphrase, which is used along with the presence of the private key on the SSH client to authenticate the user.

Public keys have specific ACL requirements that, on Windows, equate to only allowing access to administrators and System. On first use of sshd, the key pair for the host will be automatically generated. By default the sshd service is set to start manually. To start it each time the server is rebooted, run the following commands from an elevated PowerShell prompt on your server:

If no algorithm is specified, RSA is used. A strong algorithm and key length should be used, such as Ed in this example. To generate key files using the Ed algorithm, run the following from a PowerShell or cmd prompt on your client:

At this point, you'll be prompted to use a passphrase to encrypt your private key files. This can be empty but is not recommended. Open the public key file in Notepad. Ensure you get the entire file. Connect to the server with Remote Desktop. If one doesn't exist, create it. Note, Windows Explorer won't let you create the folder with the name ".

Instead, use ". The extra dot will be removed, and you'll have a folder correctly named. If the file already exists, just open it. Note, this file has no extension. You may need to make file extensions visible to ensure you remove the. If there was already a key in this file, paste your key onto a new line below the existing one. Here are the complete steps: Open the public key file in Notepad.

You may need to make file extensions visible to ensure you can remove the. Mitchell Grande, Systems Engineer. Documentation in this section focuses on how OpenSSH is used on Windows, including installation, and Windows-specific configuration and use cases. The Microsoft fork of this project is in GitHub.
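
The ACL requirement stated earlier (access only for administrators and System) can be audited with a script like the one below. It is an added example, not code from the original page or from the OpenSSH project; the function name `Get-UnexpectedKeyFileAccess` and the scratch file it is run against are assumptions made for illustration.

```powershell
# Added example: list ACL entries on a key file that grant access to anyone
# other than BUILTIN\Administrators and NT AUTHORITY\SYSTEM.
# The function name is hypothetical; it is not part of OpenSSH.
function Get-UnexpectedKeyFileAccess {
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    # Well-known SIDs: SYSTEM and the local Administrators group.
    $allowedSids = @('S-1-5-18', 'S-1-5-32-544')

    $acl = Get-Acl -LiteralPath $Path
    foreach ($rule in $acl.Access) {
        # Deny entries do not widen access, so only Allow entries matter here.
        if ($rule.AccessControlType -ne 'Allow') { continue }

        try {
            # Compare by SID so localized or renamed group names still match.
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            # Account could not be resolved: report it using the raw value.
            $sid = $rule.IdentityReference.Value
        }

        if ($allowedSids -notcontains $sid) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $rule.IdentityReference.Value
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Constructed sample: a scratch file standing in for a key file. It inherits
# the ACL of the temp directory, so the current user normally appears as a finding.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'sample_key_acl_check.pub'
Set-Content -LiteralPath $sample -Value 'constructed-placeholder not-a-real-key'
Get-UnexpectedKeyFileAccess -Path $sample | Format-Table -AutoSize
Remove-Item -LiteralPath $sample
```

An empty result means every Allow entry on the file belongs to Administrators or System; any row returned is an entry to review.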


