This section of Getting Started assumes that:
Supports SSH client, telnet client, SFTP client (command line only), and rlogin client. Both SSH2 and SSH1 protocols are supported. Note that use of SSH1 is not recommended for security reasons. Practically all devices support SSH2 these days. Supports public key authentication and Active Directory /Kerberos authentication. The OpenSSH server reads a configuration file when it is started. Usually this file is /etc/ssh/sshdconfig, but the location can be changed using the -f command line option when starting sshd. Some organizations run multiple SSH servers at different port numbers, specifying a different configuration file for each server using this option.
- You have recently installed Bitvise SSH Server.
- You have configured the SSH Server for access using SFTP, for Git access, or another purpose.
- You have installed Bitvise SSH Client on the computer from which you wish to connect.
- You wish to configure public key authentication between the SSH Server and Client.
Before you configure public key authentication, it is important to understand:
- Public keys, in the way they are commonly used in SSH, are not X.509 certificates.
- Client authentication keys are separate from server authentication keys (host keys).
- A keypair consists of a private key and a public key, which are separate.
- A private key should never be sent to another party. It is private.
If this is the first time you are using public keys, we recommend the page Public keys in SSH.
To use public key authentication, the client from which you are connecting needs to have a public/private keypair. To generate a keypair using Bitvise SSH Client, run the graphical SSH Client, and open the Client key manager:
Press the Generate button to generate a new keypair:
Guidelines:
Unless required for compatibility reasons, do not generate a DSA keypair. Only 1024-bit DSA keys are interoperable in SSH, and this key size is no longer considered adequate when using the DSA algorithm. Generate either an ECDSA keypair, or an RSA keypair of size 2048 bits or larger.
If you have saved a named SSH Client profile, the keypair generation interface will offer to store the keypair either in the profile, or globally.
When the keypair is stored globally, it is stored in the Windows registry for the current user, under HKCUSoftwareBitviseKeypairs.
It may be useful to store the keypair in a profile if the profile is going to be used on other computers, or by a job that runs as a different Windows account on the same computer. In SSH Client versions 7.xx and higher, the setting Sensitive information accessibility on the Login tab controls whether a keypair stored in the profile can be read by another Windows user, or on another computer.
You can choose a passphrase with which to protect the keypair. If you enter a passphrase, you will need to provide it every time the keypair is used for authentication.
Before you can use public key authentication, the public key for the keypair you have generated must be configured in the SSH Server. If you are able to connect to the SSH Server using password authentication, you can connect to the server and upload the public key using the Client key manager:
If the SSH Server does not allow you to connect using password authentication, or does not allow you to upload the key, you will need to send the public key to the server administrator using an alternate method of communication. To do this, export the public key using the Client key manager:
For help with importing the public key into Bitvise SSH Server, check the Public Key Authentication section of our SSH Server Usage FAQ.
Once the public key has been uploaded or imported for your account in the SSH Server, configure the SSH Client to enable public key authentication on the Login tab:
Ssh Client Configuration Sourcetree
You should now be able to connect to the SSH Server using your public key:
Windows 10 Ssh Config File
Save the profile to preserve this configuration.