Use SSH Keys for Windows

You can create, manage, and use Secure Shell (SSH) keys in Windows to remotely access a Linux device using the SSH protocol. JumpCloud stores the public key and an SSH client like PuTTY stores the private key on a Windows device. The public key is sent to all of the Linux devices a user is connected to, but the SSH client facilitates the SSH session.

Understanding SSH and SSH Keys

The Secure Shell (SSH) protocol is used for secure remote login between devices. SSH is used to securely authenticate into a remote device and to encrypt the communication between devices. SSH is a secure alternative to non-protected login protocols such as Telnet or rlogin.

SSH keys are:

  • A set of credentials used in the SSH protocol.
  • A type of public key authentication, which is used for single sign on, smart cards, configuration management, and automation workflows. 
  • Made up of a cryptographic key pair that includes a public key and a private key:
    • The public key is stored on the remote device.
    • The private key is kept on the local device.

Note:

Anyone with the private key can gain access to the remote device that has the corresponding public key. You won’t be able to log in if you start a session without the private key.

Organizations can end up with millions of SSH keys, which makes it easy to lose track of them. Because SSH keys are used to access sensitive resources and perform critical, highly privileged activities, it’s important to properly manage SSH keys in the same manner as other sensitive credentials. As a result, you shouldn’t use authorized keys. Instead, you should use the User Portal to distribute keys.

While SSH keys are standard and more frequently used in Unix and Linux environments, they are also used in Windows devices.

You can use SSH keys for Windows-based SSH clients using the following applications: 

  • PuTTY*
  • MobaXterm 
  • mRemoteNG
  • xshell6

*If using PuTTY, see Manage SSH Keys in PuTTY for more information.

*Windows 10 has the ability to generate and use SSH keys without PuTTY.

Adding the Public SSH Key to your JumpCloud User Portal

Tip:

For information about adding an SSH Public Key to your JumpCloud User Portal, see Add an SSH Key to an Account.

(Optional) Disable Username and Password Logins

After you configure your SSH keys, you could additionally disable username and password logins. If you disable username and password logins, you will only be able to log in through SSH keys. You should disable password authentication. SSH keys provide a stronger method of authentication than passwords and prevents attackers from guessing your password. You will not be able to use SSH keys if the Enable Public Key Authentication checkbox is deselected.

To disable Password login using the private key for SSH logins

  1. Log in to the Admin Portal: https://console.jumpcloud.com.
  2. Navigate to and select the applicable Linux device. 
  3. From the Highlights tab, scroll down to the Device Configuration Section. 
  4. Deselect Allow SSH Password Login.
  5. (Optional) For an extra layer of security, deselect Allow SSH Root Login
    Linux Device > Highlights > Device Configuration
  6. Click Save Device.

Distributing a Public Key to a Device from the User Portal

A user can distribute a public key to their remote devices by uploading a public key to their JumpCloud User Portal. When the public key is added to their User Portal, the JumpCloud Agent distributes the public key to all of the public key authentication-enabled devices that the user has access to. For more information about adding an SSH key to a user account, see Add an SSH Key to an Account.  

(Optional) Distributing a Public Key to a Device from the Admin Portal

Admins can distribute public keys to servers by adding a public key to a user in the JumpCloud Admin Portal. When a public key is added to a user, the JumpCloud Agent distributes the public key to all of the public key authentication enabled-devices the user has access to. This is an optional step, as users should upload the public key themselves to their own User Portal for security reasons and key privacy. 

To add a public key to a user in the Admin Portal:

  1. Log in to the Admin Portal: https://console.jumpcloud.com.
  2. Select an existing user or create a new user. See Get Started: Users.
  3. From the user’s Details tab, expand the Public Keys Section.  
  4. Click add new public key.
  5. Enter a name for the new public key in the Public Key Name field.
  6. Paste the contents of the public key in the Public Key fieldSee Working with PuTTY’s Public Key Format.
  7. Make sure that the Enable Public Key Authentication checkbox is selected in the SSH Settings Section of the device’s Details tab. 
  8. Click save user.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case