top of page
  • Writer's pictureAsh K.

How to SSH with a Cert from a Windows Host using Powershell to a Linux Guest

It's weirdly difficult to find information on how to ssh from a Windows host using anything other than Putty. Not that I have anything against Putty, but OpenSSH is a built-in service on the most recent versions of Windows 10, so why not use it from Powershell?

You can ssh from Powershell using password-based authentication pretty easily, but what if we wanted to use certificate-based authentication? There's a couple extra steps we have to take.

This is a really simple tutorial. This tutorial assumes your Linux Guest is local to your Host. If it's not, you may have to take a few extra steps to get your ssh session working. Once it's working using password-based authentication, you should be able to follow this to get cert-based auth working.

From Linux Guest:

# Create your SSH key directory 1. From the home directory:

mkdir ~/.ssh/

From Windows Host: 1. Open Powershell in admin # Start the SSH agent

Get-Service -Name ssh-agent | Select StartType

3. If status is Stopped or Disabled:

Get-Service -Name ssh-agent | Set-Service -StartType Manual
Start-Service -Name ssh-agent
Get-Service -Name ssh-agent # status should now be Running

# Generate your SSH Key Pair

  • You can choose whatever file location you want, or enter through for defaults

  • Make a note of your key pair file location

# Add the private key to the SSH agent

ssh-add <path to private key file>

# Copy the public key to the Linux Guest

scp <path to public key file> <linux username>@<linux IP/hostname>:~/.ssh
  • scp will overwrite anything with the exact same name, so make sure to use a unique key name

From Linux Guest: # Set permissions on the public key

2. cd .ssh 3. ls (you should see the public key file) 4. cp <public key file> authorized_keys 5. chmod 644 authorized_keys

From Windows Host:

# Test your cert authentication 7. Exit any logged-in sessions to your Linux Guest 8. ssh <linux username>:<linux IP/hostname> 9. You should not be prompted for a password!

373 views0 comments


bottom of page