Secure Linux Login: SSH Keys from Windows

Published: January 21, 2026

← Back to Home

Logging into a Linux server from Windows should always be done via SSH keys. This method is far more secure than passwords and, once configured, allows for seamless “passwordless” entry.

This guide covers generating a modern Ed25519 key on Windows and installing it on a remote Linux server.

1. Generate Your Key on Windows

Modern Windows (10 and 11) includes the OpenSSH client by default. You can generate your keys directly in PowerShell or Command Prompt.

Run this command:

ssh-keygen -t ed25519 -C "your-username"

The -C flag adds a comment to help identify the key later. You can use your username, email, or any label like “windows-laptop” or “work-pc”.

The Prompts:

1. Save Location: Press Enter to save to the default path (usually C:\Users\YourName\.ssh\id_ed25519).
2. Passphrase: (Optional but Recommended) Enter a “password for your key.” This protects your key if your laptop is stolen.

The Result:

You now have two files in your .ssh folder:

• id_ed25519 — Your Private Key. Never share this.
• id_ed25519.pub — Your Public Key. This is what you give to the server.

2. Copy the Public Key to Linux

Since Windows doesn’t have the ssh-copy-id command by default, the most reliable way is to copy the text manually.

Step A: View your Public Key on Windows

Run this in PowerShell to see the text you need to copy:

Get-Content "$env:USERPROFILE\.ssh\id_ed25519.pub"

Copy the entire line that starts with ssh-ed25519.

Step B: Prepare the Linux Server

Log into your Linux server using your password one last time, then run:

# Create the directory and set safe permissions
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Open the authorized_keys file
nano ~/.ssh/authorized_keys

Step C: Paste and Save

1. Paste your Windows public key on a new line in the nano editor.
2. Press Ctrl+O, then Enter to save.
3. Press Ctrl+X to exit.
4. Set File Permissions: This is the most important step. If permissions are too “open,” Linux will ignore the key for security reasons:

   chmod 600 ~/.ssh/authorized_keys
   

Understanding Permissions:

• 700 (for .ssh folder) means only you can read, write, and access the directory. No one else can even see what’s in it.
• 600 (for authorized_keys file) means only you can read and write the file. No one else can access it at all.

These strict permissions are required because SSH refuses to use keys if they’re readable by other users — it’s a security feature to prevent key theft.

3. Test the Connection

Exit the Linux session and try to log in again from your Windows PowerShell:

ssh username@server-ip-address

If everything is set up correctly, the server will log you in immediately (or ask for your key’s passphrase) without asking for your Linux user password.

4. Troubleshooting Checklist

If you are still prompted for a password, check the following on the Linux side:

1. Ownership: Ensure the .ssh folder and authorized_keys file are owned by your user, not root. ls -ld ~/.ssh
2. Permissions:
   • .ssh folder must be 700
   • authorized_keys must be 600
3. SSH Config: Ensure the server allows key authentication. Check /etc/ssh/sshd_config for the line PubkeyAuthentication yes.

5. Optional: Disable Password Authentication

Once you’ve confirmed that SSH key authentication is working, you can disable password-based login entirely for maximum security. This prevents anyone from attempting to brute-force your password.

On the Linux server, edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Find and change this line:

PasswordAuthentication yes

To:

PasswordAuthentication no

Save the file (Ctrl+O, Enter, Ctrl+X), then restart SSH:

sudo systemctl restart sshd

Warning: Make absolutely certain your SSH key authentication is working before disabling password auth. Otherwise, you could lock yourself out of the server.

Summary Table: Key Management

Conclusion

SSH key authentication is the gold standard for secure remote access. By replacing passwords with cryptographic keys, you eliminate the risk of password guessing and brute-force attacks. The Ed25519 algorithm provides strong security with minimal overhead, making it perfect for everything from Raspberry Pis to production servers.

Once configured, SSH keys make your workflow faster and more secure — you’ll never have to type a password again, and your Linux servers will be protected by modern cryptography. If you manage multiple servers, you can use the same key pair across all of them, or generate separate keys for different machines depending on your security requirements.

Stay secure!