SSH Key Authentication to Raspberry Pi from Windows

SSH Key Authentication to Raspberry Pi from Windows
Photo by Harrison Broadbent / Unsplash

This guide demonstrates how to securely connect to a Raspberry Pi using SSH key authentication from a Windows environment. While traditional password authentication works, SSH keys provide a more secure and convenient method for remote access.

Prerequisites:

  • Windows 10 or 11 with PowerShell
  • Raspberry Pi with SSH enabled
  • Network connectivity between Windows machine and Raspberry Pi
  • Basic command line knowledge

Note: This tutorial uses PowerShell as the primary tool. Visual Studio Code is mentioned as an optional enhancement but is not required for SSH connectivity.

Understanding SSH Key Authentication

SSH key authentication uses a cryptographic key pair instead of passwords:

  • Private key: Stays on your Windows machine (never share this!)
  • Public key: Gets copied to the Raspberry Pi

This method is more secure than passwords and eliminates the need to type credentials repeatedly.

Generating SSH Key Pair

Open PowerShell

Press Win + X and select "Windows PowerShell" or search for "PowerShell" in the Start menu.

Generate the key pair

Run the following command to create a modern, secure key pair:

ssh-keygen -t ed25519 -C "your-email@example.com"

Why Ed25519? It's more secure and performant than the older RSA algorithm. If you need RSA for compatibility reasons, use:

ssh-keygen -t rsa -b 4096 -C "your-email@example.com"

Configure your key

During generation, you'll be prompted for:

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\YourName\.ssh\id_ed25519): rpi_key
Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

Important decisions:

  • Filename: Use a descriptive name like rpi_key to identify this key's purpose
  • Passphrase: Strongly recommended for security. You'll enter this when using the key. I left it blank for now.
  • Location: Keys are saved in C:\Users\%USERNAME%\.ssh\ by default

After completion, you'll have two files:

  • rpi_key (private key - guard this carefully!)
  • rpi_key.pub (public key - safe to share)

Configuring the Raspberry Pi

Initial connection

First, connect to your Raspberry Pi using password authentication:

ssh pi@192.168.1.100  # Replace with your Pi's IP address

Transfer the public key

From your Windows PowerShell, run:

type $env:USERPROFILE\.ssh\rpi_key.pub | ssh pi@192.168.1.100 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

This command:

  1. Reads your public key file
  2. Creates the .ssh directory on the Pi if it doesn't exist
  3. Appends the key to the authorized_keys file

Set correct permissions

Still connected to your Pi, ensure proper permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

These permissions are crucial - SSH will refuse keys if permissions are too open.

Testing Key-Based Authentication

Test the connection

From PowerShell, connect using your new key:

ssh -i $env:USERPROFILE\.ssh\rpi_key pi@192.168.1.100
```

If you set a passphrase, you'll be prompted for it. Otherwise, you should connect directly without a password prompt.

This simplifies future connections. Create or edit C:\Users\%USERNAME%\.ssh\config:

Host rpi
    HostName 192.168.1.100  # Your Pi's IP or hostname
    User pi                  # Your Pi username
    IdentityFile ~/.ssh/rpi_key
    Port 22

Now you can connect simply with:

ssh rpi

Optional: Visual Studio Code Integration

VSCode offers a excellent GUI for SSH connections and remote development.

Install Remote-SSH extension

  1. Open VSCode
  2. Go to Extensions (Ctrl+Shift+X)
  3. Search for "Remote - SSH" by Microsoft
  4. Install the extension

Configure connection

  1. Press Ctrl+Shift+P to open command palette
  2. Type "Remote-SSH: Open Configuration File"
  3. Select C:\Users\%USERNAME%\.ssh\config
  4. Add your Pi configuration (if not already done in step 4.2)

Connect through VSCode

  1. Click the Remote Explorer icon in the sidebar
  2. Find your "rpi" host
  3. Click the connection icon
  4. VSCode will open a new window connected to your Pi

Benefits of VSCode:

  • Full IDE features on remote files
  • Integrated terminal
  • File explorer for the Pi
  • Extension support on remote host

Enhancing Security

Once your basic SSH key authentication is working, consider exploring these security enhancements:

SSH Hardening

  • Disable password authentication in /etc/ssh/sshd_config
  • Change default SSH port from 22
  • Implement fail2ban for brute-force protection

Key Management

  • Use ssh-agent for passphrase caching
  • Consider hardware security keys (FIDO2/U2F)
  • Use different keys for different environments (dev/prod)

Network Security

  • Configure firewall rules (ufw/iptables)

Conclusion

You've successfully configured SSH key authentication between Windows and your Raspberry Pi. This setup provides:

  • Enhanced security over password authentication
  • Convenience of passwordless login (with ssh-agent)
  • Integration with development tools like VSCode

This foundation enables secure remote development, file transfers, and system administration. Whether you're building IoT projects, learning Linux, or running home automation, secure SSH access is an essential skill.

Additional Resources

Remember: Security is a journey, not a destination. Keep learning and stay updated with best practices!

See you soon !
Yacine