This should apply to Windows Server 2022, Windows Server 2019, Windows 10 (build 1809 and later).
Generating the key
On a machine with
ssh-keygen installed, run:
ssh-keygen -t ed25519 -f ~/.ssh/example.com
example.com is the host you’re going to ssh into, and is the base filename for where the key’s going to end up. I do it this way, you can do whatever you like.
Configuring the Windows machine
You need to create and fix the permissions on the “admin” keyfile:
touch "c:\ProgramData\ssh\administrators_authorized_keys" icacls.exe "c:\ProgramData\ssh\administrators_authorized_keys" /inheritance:r /grant "Administrators:F" /grant "SYSTEM:F"
Update the “administrators” key file and your own with the contents of
example.com.pub - make sure it’s the .pub one, because the “destination” machine only needs the public part of your key to validate it, keep your private key private 😁
echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsS57N8DEFYUVEUjIY4OhISq7rsopzTfZEaDf9oQiKX > "%USERPROFILE%\.ssh\authorized_keys" echo ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOsS57N8DEFYUVEUjIY4OhISq7rsopzTfZEaDf9oQiKX >> "c:\ProgramData\ssh\administrators_authorized_keys
Now you should be able to SSH in to your machine!
ssh -i ~/.ssh/example.com example.com Microsoft Windows [Version 10.0.19044.2728] (c) Microsoft Corporation. All rights reserved. firstname.lastname@example.org C:\Users\yaleman>