Skip to content

Connect to Linux from Windows using SSH

Public key authentication uses a cryptographic key pair: a private key kept secret by the user, and a public key stored on the server.

This guide shows how to create a new user on a Linux VM and configure SSH public key authentication from a Windows 11 client.

To connect to a VM using SSH keys: - The user must exist on the server. - The user's public key must be placed in their ~/.ssh/authorized_keys file.

The following steps use a Windows 11 client and an Ubuntu VM, with an existing adminuser account created during VM setup.

1. Generate an SSH Key Pair on Windows

On your Windows client, open PowerShell (or Git Bash) and run:

ssh-keygen -t ed25519 -C "your_email@example.com"
  • Type: Ed25519 is recommended for security.
  • File location: Press Enter for default (C:\Users\<username>\.ssh\id_ed25519).
  • Passphrase: Optional, adds security.

Sample output: 

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\YourUser/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\YourUser/.ssh/id_ed25519.
Your public key has been saved in C:\Users\YourUser/.ssh/id_ed25519.pub.

2. Log into the VM as Admin

Connect to your VM using the existing admin account:

ssh adminuser@<VM-IP>

Example: 

ssh adminuser@50.104.144.17

Accept the prompt and enter the password.

3. Create a New User on the VM

Create a new user (appuser) with default home and Bash shell:

sudo useradd --create-home --shell /bin/bash appuser

Switch to the new user:

sudo su - appuser

4. Setup SSH Directory and Authorized Keys

Create the .ssh directory and the authorized_keys file:

mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys

5. Add Your Public Key to Authorized Keys

On your Windows client, open the public key file:

notepad $env:USERPROFILE\.ssh\id_ed25519.pub

Copy its contents.

On the VM, open the authorized_keys file:

nano ~/.ssh/authorized_keys

Paste your public key into the file, then save and exit (Ctrl+X, Y, Enter).

6. Set Correct Permissions

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

7. Exit Admin Session

Return to your adminuser account:

exit

8. Test SSH Login for the New User

On your Windows client, connect as the new user:

ssh appuser@<VM-IP>

If your key is set up correctly, you will connect without entering a password.

Troubleshooting

  • Permission denied:
  • Check file permissions (chmod steps above).
  • Ensure the public key is in ~/.ssh/authorized_keys for the correct user.

  • Make sure you are using the correct private key.

  • Cannot login as new user:

  • Verify the shell (/bin/bash) is set for the new user.
  • Ensure the user exists: id appuser.

Warning

Keep your private key secure and never share it. Only place your public key on servers.