SSH keys are access credentials that can be used during the authentication process for the secure shell (or SSH) network protocol. SSH itself can be used for a variety of use cases such as remote file transfer, network management and remote server access.
SSH keys come in pairs made up of a private key and a public key. The private key should remain private and secure, hence, not to be shared with anyone. The public key, however, is meant to be shared, and so it should be placed on the remote server that you’d like to access. During the authentication process, the public key is used to encrypt a random challenge message, which is then sent back to the authenticating client. The private key is used to decrypt the message which is then combined with a session ID and sent back to the server. If the message matches what the server sent out, this proves to the server that the client possesses the private key that corresponds with the public key and the client is granted access.
The first step towards using SSH keys is to create them.
Starting in Windows 10, OpenSSH is bundled with the operating system which allows you to easily create a key pair.
Step 1 - verify that OpenSSH is installed
- Click the Start menu, open the Settings panel and click Apps.
- Under Apps and Features, click Optional Features.
- Browse through the list and find OpenSSH Client.
- If it is not listed, click Add a feature, select OpenSSH Client and finally click Install.
Step 2 - create a key pair
- Click the Search icon.
- Type in
cmdand under “Best match”, right click Command prompt and select Run as administrator.
- Once the command prompt opens, type in
ssh-keygenand hit enter.
- The program will prompt you to either use the default filenames (by hitting enter) or select a different filename.
- The program will ask you to enter a passphrase - just hit enter again, to skip this step.
- The key pair will now generate and the program will terminate.
- Browse the target directory (by default, under
%UserProfile%). You should see two files: the private key
id_rsa, and the public key
id_rsa.pub. Even if you’ve changed the default filename, the public key will always have the
That’s it! You now possess your very own SSH key pair and can upload the public key to the server and authenticate using your private key.
Follow the video guide below to add a public key to your SFTP To Go user: