Set Up Windows 10/11 SSH Client + SSH Config for One-Command Server Logins

Set Up Windows 10/11 SSH Client + SSH Config for One-Command Server Logins​

Difficulty: Intermediate | Time Required: 20 minutes
SSH (Secure Shell) is the go-to way to securely manage Linux servers, network devices, and even Windows machines running OpenSSH Server. Windows 10/11 already includes an SSH client, but many people still type long commands like ssh [email]user@203.0.113.10[/email] -p 2222 and repeatedly enter passwords.
This tutorial shows you how to enable and use the built-in Windows SSH client, generate keys, and create an ~/.ssh/config file so you can connect with a single command like:
ssh webserver

---

Prerequisites​

• Windows 10 or Windows 11 with administrative access
  • Windows 10 version 1809+ and Windows 11 typically include the OpenSSH Client as an optional feature.
• Access to an SSH server (Linux, BSD, network appliance, or Windows with OpenSSH Server)
• Your server details:
  • Host/IP, port (usually 22), username
• Optional but recommended:
  • Permission to add your public key to the server (~/.ssh/authorized_keys)

---

Step-by-step: Enable the built-in OpenSSH Client (Windows 10/11)​

1. Open Settings
   • Windows 11: Settings → Apps → Optional features
   • Windows 10: Settings → Apps → Optional features
2. Check if OpenSSH Client is installed
   • Look for OpenSSH Client in the installed features list.
3. Install it if missing
   • Click View features (or Add a feature in some Windows 10 builds)
   • Search for OpenSSH Client
   • Check it and click Install
4. Verify it works
   • Open Windows Terminal, PowerShell, or Command Prompt
   • Run:
     ssh -V
   • You should see an OpenSSH version string.

Note: Windows Terminal (from Microsoft Store) is optional but highly recommended because it handles tabs, profiles, and copy/paste cleanly.

---

Step-by-step: Create your SSH key pair (recommended)​

Using SSH keys lets you log in without typing a password every time (or you can combine it with a passphrase for strong security).

1. Open PowerShell or Windows Terminal
2. Create the .ssh folder (if it doesn’t exist)
   mkdir $env:USERPROFILE\.ssh
3. Generate a modern key
   ED25519 is recommended:
   ssh-keygen -t ed25519 -a 64 -f $env:USERPROFILE\.ssh\id_ed25519
   • When prompted:
     • Choose a passphrase (recommended) or press Enter for none
     • Add a comment if you want (e.g., your email)
4. Confirm the files exist
   • Private key: C:\Users\<You>\.ssh\id_ed25519
   • Public key: C:\Users\<You>\.ssh\id_ed25519.pub

Warning: Never share your private key (id_ed25519). Only share the .pub file contents.

---

Step-by-step: Add your public key to the server​

There are multiple ways depending on what tools you have.

Option A (easy): Use ssh-copy-id (if available)​

Some environments have ssh-copy-id, but Windows OpenSSH doesn’t always include it. If you have it:
ssh-copy-id -i $env:USERPROFILE\.ssh\id_ed25519.pub user@server

Option B (works everywhere): Copy/paste into authorized_keys​

1. Print your public key
   type $env:USERPROFILE\.ssh\id_ed25519.pub
2. Copy the entire line (starts with ssh-ed25519)
3. Log into the server using password once
   ssh user@server
4. On the server, add the key
   

   mkdir -p ~/.ssh
   chmod 700 ~/.ssh
   nano ~/.ssh/authorized_keys

   Paste the key on a new line, save, then:
   chmod 600 ~/.ssh/authorized_keys
5. Test key login from Windows
   Back on Windows:
   ssh user@server

Tip: If you set a passphrase on your key, you’ll still type it sometimes—but you can use an SSH agent to avoid repeated prompts (covered below).

---

Step-by-step: Create an SSH config for one-command logins​

The magic is the SSH config file:

• Path on Windows: C:\Users\<You>\.ssh\config
• You can define “nicknames” (Host entries) with username, port, identity file, etc.

1. Open (or create) the config file
   In PowerShell:
   notepad $env:USERPROFILE\.ssh\config
2. Add a simple host entry
   Example:
   

   Host webserver
      HostName 203.0.113.10
      User ubuntu
      Port 22
      IdentityFile ~/.ssh/id_ed25519

3. Save the file
4. Connect using one command
   ssh webserver

Add more useful config options (recommended)​

Here’s a more complete example:

Host webserver
    HostName 203.0.113.10
    User ubuntu
    Port 22
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    ServerAliveInterval 30
    ServerAliveCountMax 3

• IdentitiesOnly yes prevents SSH from trying a bunch of keys (helps with “Too many authentication failures”).
• ServerAliveInterval keeps connections from silently dropping on flaky networks.

Note: Indentation isn’t strictly required, but it improves readability. Use spaces (tabs can work, but spaces are safer).

---

Step-by-step: Use SSH Agent on Windows to avoid repeated passphrase prompts​

If your key has a passphrase, ssh-agent can hold it in memory during your session.

1. Check the ssh-agent service
   Open PowerShell as Administrator and run:
   Get-Service ssh-agent
2. Set it to start automatically (optional)
   

   Set-Service -Name ssh-agent -StartupType Automatic
   Start-Service ssh-agent

3. Add your key to the agent
   In a normal PowerShell window:
   ssh-add $env:USERPROFILE\.ssh\id_ed25519
   Enter your passphrase once, then future connections should be smoother.

Tip: If you prefer, you can run SSH from Windows Terminal and keep the same session open while you work.

---

Tips and troubleshooting​

1) “Permission denied (publickey)”​

• Confirm your public key is in the server’s ~/.ssh/authorized_keys
• Ensure permissions on the server are correct:
  • ~/.ssh should be 700
  • authorized_keys should be 600
• Check you’re using the right username in your config (User)

2) SSH tries the wrong key / too many keys attempted​

Add these to the host entry:

IdentitiesOnly yes
IdentityFile ~/.ssh/id_ed25519

3) Config file not being used​

• Make sure the file is named exactly config (no .txt)
• Confirm it’s located at:
  • C:\Users\<You>\.ssh\config
• Test what SSH is doing with verbose output:
  ssh -v webserver

4) Non-standard port​

If your server uses port 2222, add:
Port 2222
Then ssh webserver still works.

5) Multiple servers (pattern matching)​

You can group settings:

Host *.lab
    User admin
    IdentityFile ~/.ssh/id_ed25519

Host router.lab
    HostName 192.168.1.1

Host nas.lab
    HostName 192.168.1.50
    Port 2222

Now you can run ssh router.lab and ssh nas.lab.

6) Security note: protect your private key​

• Use a passphrase when possible
• Don’t store private keys in shared folders
• Avoid copying private keys between machines unless you understand the risk

---

Conclusion​

With the Windows built-in OpenSSH Client enabled, a secure key pair created, and a properly configured ~/.ssh/config, you can log into your servers with a clean one-command workflow. This reduces typing mistakes, speeds up daily admin tasks, and encourages better security practices (like key-based authentication and consistent settings).
Key Takeaways:

• SSH Client is built into modern Windows 10/11 and can be enabled via Optional Features.
• SSH keys provide stronger, more convenient authentication than passwords.
• An ~/.ssh/config file lets you connect with ssh nickname instead of long commands.
• ssh-agent can store your key passphrase to streamline repeated connections.

---

This tutorial was generated to help WindowsForum.com users get the most out of their Windows experience.