Windows doesn’t come with built in SSH support so you have to rely on some third party software. There are several options available. You can install Git for Windows that includes Git Bash which supports making ssh connections. You can install Bitwise SSH Client. PuTTY and Cygwin are also among popular alternatives. I am using both Git Bash as well as Bitwise SSH Client for my daily tasks. In this tutorial I’ll be explaining how to get this thing done with Git Bash.
First thing we have to do is generating an SSH key-pair. A key-pair is made of a public key and a private key. We can use `ssh-keygen` command to generate key-pairs. Fire up Git Bash and type below command:
When you run the above command, it will prompt you to enter the path and file name that should be used for the key-pair. If you don’t specify a path and a file name, it will use /c/Users/YourUserName/.ssh/id_rsa as the default.
In this case we are going to stick with the default path and file name. So press Enter to proceed. Next it will prompt you to enter a passphrase for the keys that you are about to generate. This step is also optional so you are free to proceed by simply pressing enter key again. It will prompt you once more to verify the passphrase. Since we haven’t entered a passphrase at the previous step, we can just press enter to proceed. Now you should see few messages that indicates whether the keys are generated correctly. Finally it will return your shell prompt:
Now if you look at C:/Users/YourUserName/.ssh directory, you should see two files named id_rsa and id_rsa.pub are created there. id_rsa is known as the private key while id_rsa.pub is called the public key.
As the next step you got to copy and paste the contents of id_rsa.pub into the Authorized_keys file of the server you want to connect with SSH. To copy the contents of id_rsa.pub you can either open it with a text editor program like notepad or you can simply execute below command in the Git Bash:
$ cat /path/to/id_rsa.pub
For example, if you look at the output of my ssh-keygen (screenshot 2), the /path/to/id_rsa.pub should be /c/Users/Ami/.ssh/id_rsa.pub. When you execute the above command it will dump the contents of .pub key into Git Bash that you can select and copy to the clipboard.
In the server, you can usually find its Authorized_keys file in a directory named .ssh located in your Home directory. If its not there you can simply create it yourself. Then you just have to open it, paste the contents that you copied from the .pub key and save it. After you’ve done that you should be all set to make an SSH connection to the server.
Back in your Git Bash, enter below command to make an SSH connection:
$ ssh remote_username@remote_server_ip
The above command assumes that your remote server’s ssh daemon runs on default port 22. So it will try to connect through port 22. If the remote server runs its ssh daemon on a different port, then the command will fail. In such cases you can change it to specify which port to use by adding -p flag as shown below:
remote_username@remote_server_ip -p port
If the command is able to connect to the remote server, and if it is the first time you attempt to connect to that server from your computer you should see a message prompting you to confirm whether you want to continue connecting or not. For this you can simply type ‘yes’ and press enter. At this point given your public and private key pair signatures match with each other, you should be successfully authenticated to the server and you’ll have the shell access to the server:
You should know you have got the shell access by seeing your shell prompt has changed to something like USERNAME@REMOTE_IP [~]#
However if you get the message ‘Permission denied (publickey,gssapi-keyex,gssapi-with-mic).‘, it indicates your public/private key authentication has failed. If that happens check to see if your public key contents matches with the contents you pasted into remote server’s authorized_keys file. A common cause that can result in an authentication failure is when you have used a different key-pair name instead of default ‘id_rsa’ when generating the key-pair with ssh-keygen. For an example if you have generated a key-pair named mykey and mykey.pub then ssh agent can’t automatically identify the private key ‘mykey’ when it tries to connect to a server that has mykey.pub signature. So what happens is ssh agent tries to match mykey.pub signature with its default private key ‘id_rsa’. Since mykey.pub and id_rsa doesn’t belong to the same key-pair it obviously fails. To remedy this issue you can add your ‘mykey’ to ssh agent’s identity list by executing below commands in your Git Bash:
Start ssh-agent with below command:
$ eval "$(ssh-agent -s)"
If it was successful you should see an output like `Agent pid 43334`
Then you can load your ssh key(mykey) to the agent with below command:
$ ssh-add /path/to/mykey
Usually the /path/to/mykey should be /c/Users/YourUserName/.ssh/mykey. When you execute that command you should see the message “Identity added: /c/Users/YourUserName/.ssh/mykey (/c/Users/YourUserName/.ssh/mykey)“.
With that two additional steps completed, you should be able to connect to the server without a problem.
If you get the error message “ssh: connect to host xxx.xxx.xxx.xxx port xxxxx: Connection timed out” then it indicates either you have misspelled the ip address or the server is not responding.
If you get the error message “ssh: connect to host xxx.xxx.xxx.xxx port xxxxx: Connection refused” then it indicates SSH service is not running on the port that you would expect or server maybe blocking your request.