First of all, forget whoever told you to use PuTTY to generate the key; that advice is outdated now.
Why? Because in the past only Linux supported SSH, so Windows had to use a third-party tool to make SSH remote connections. But now Windows 10 has a native SSH client, so you should get used to that one and avoid strange errors.
Then, let’s see how to generate an SSH key with the native SSH client. It’s easy. Open your local terminal (Linux or Windows) and execute:
In fact, though there are many options that can be added, I only recommend one:
ssh-keygen -C username
The C must be uppercase. You can change username to any name you want to use, but it should be the name you will later use to log in to your Linux server. It should be the same as your Linux username.
For the best experience, please consider using root by default, or you will run into some strange problems related to permissions.
After you execute the command, just follow the instructions on the screen. If you do not want to overwrite the existing key files, change the default directory. If it asks you to enter a passphrase, that can be empty; just press Enter.
When done, remember the default directory shown in the instructions just now? For Windows, you can cd into C:\Users\your_username\.ssh\; for Linux, you can cd into /home/username/.ssh/.
Private Keys and Public Keys
Now you can see two files: id_rsa and id_rsa.pub.
pub means public, so it’s the public key. The other one, with no extension, is the private key.
Here is the annoying question: where should I put them?
Well, if you look it up on the internet you will find a lot of information about that, but you will only be more confused.
To be exact, ssh-keygen is just a tool to generate keys, that’s all. It’s not about how to connect. So whether you generate them on Windows or Linux, client or server, that’s fine; don’t worry about it. You just use a tool to generate two files.
But then the next question is: so where should I actually put them?
Well, maybe there is a lot of theory behind the scenes, but let me tell you the simple truth: the client stores the private key and the server stores the public key.
For example, you have PC A and PC B and you want to connect from PC A to PC B, so you should store the private key on PC A and the public key on PC B.
But you should always make sure the two keys belong to the same pair, because you may have generated many key pairs before or may generate more later.
Why should the server store the public key? In fact, it’s easy to understand. The server will show the public key to anyone, but only allows a connection from whoever holds the private key. Because the key stored on the server is public, we call it the public key.
Store Public Keys to the Server
Now that we know we should upload our public key to the server, let’s do it. If your client is Linux, that’s easy, using:
But if you are using Windows, ssh-copy-id should not work. So we need to understand what ssh-copy-id does.
Okay, we find a new file called authorized_keys. Go to your Linux server (use a shell, SFTP or a GUI), create that authorized_keys file under /home/user/.ssh/, copy the contents of the pub file (you can open it with VS Code) and paste them into the new empty file. Save it.
Just in case, reboot your Linux server now.
If you are familiar with the Linux command line, you can create (with touch, nano or vim) a file named authorized_keys, paste the text contents of the public key file into it, and then save it.
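What the upload step amounts to on the server, as an added example that is not part of the original post: a shell function that appends a .pub file to authorized_keys, skips a key that is already there, strips Windows line endings, and sets the 700/600 permissions sshd expects. The function name install_pubkey and its optional home-directory argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Run on the Linux server as:
#   install_pubkey id_rsa.pub
# install_pubkey (hypothetical name) takes PUBKEY_FILE and an optional
# HOME_DIR (default $HOME) so it can be tried on a scratch directory first.
install_pubkey() {
    pub=$1
    home_dir=${2:-$HOME}
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Only the .pub file belongs on the server; refuse a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; use the .pub file" >&2
        return 2
    fi

    # A public key is one line: "<type> <base64> [comment]". Drop the CR
    # that a Windows editor may add, and accept the common key types.
    types='ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)'
    key=$(tr -d '\r' < "$pub" | grep -E "^($types) [A-Za-z0-9+/=]+( .*)?\$" | head -n 1)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # sshd's StrictModes (on by default) rejects the key when .ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Append instead of overwriting, and only if the key is not there yet.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}
```

Appending rather than replacing the file keeps any keys that were already authorized for the account.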
Now we should take care of where the private key is stored. If you generated the keys on Windows directly, you should store it under C:\Users\username\.ssh\. If you generated it on Linux but want it stored on your Windows machine, you should download it from the Linux machine first. How to download it? I think SFTP is the best way. Use your SFTP tool to download it from the Linux path /home/username/.ssh and then store it under the same path on Windows.
Now we should check what we have done before we go on:
- we generated a pair of SSH keys using ssh-keygen
- we stored the private key on our client Windows PC (under C:\Users\your_username\.ssh\)
- we stored the public key on our server Linux PC (under /home/username/.ssh/authorized_keys)
VS Code Connects to the Server
Open VS Code and install the SSH extension from the Extension Store. After installation, you will find a new icon on the side bar. Click it.
You can add a new connection with the “+” button. Follow the instructions in the dialog that pops up at the top. When done, click the ⚙ button. It will let you choose the path where the SSH key files are stored. Then a config file will open.
You can edit something here:
Host will change the UI display on the panel.
Hostname: the IP address or URL of your server.
User: should be the same as ssh-keygen -C username.
Port: the SSH port. Default is 22.
If you are using a virtual machine such as VirtualBox, you need to forward your virtual machine’s port (like 22) to a host machine port (like 12345).
IdentityFile: if you don’t add this option, VS Code will use the default ssh path (C:\Users\username\.ssh). But if you have many SSH key files stored in different paths, you should tell VS Code where the file is. On Windows, the “\” should be changed to “\\”.
Edit this file to match your setup and save it.
Sometimes there is a problem connecting to a server through a forwarded port. Then you need to use the server’s real IP directly. Use the “ifconfig” command in your server’s shell. If it doesn’t work, just use apt install net-tools to get it. Type ifconfig and you will see the server IP on the screen. Use this IP in your VS Code config file, and set Port to 22 (or delete the Port line, because the default port is 22).
Before we go on, there is a small thing we need to deal with: go to C:\Users\username\.ssh and you will find a file called known_hosts. Delete it; it will be regenerated by itself.
Return to your VS Code panel and move your cursor over the server you want to connect to; an icon will be shown on the right. Click it and the connection will begin in a new window. Follow the instructions in the dialog that pops up at the top, then everything should be done.
If you want to connect to the server by tools like Putty or Shell…
Remember, you must use the same username that your keys were generated with, or the server will deny the connection. (Error message: Permission denied (publickey))
For example, if we generated the key with the username jaylin and you want to connect to the server from a shell, you must use the command below:
After logging in as jaylin, if you want to get root permission, you can use
If your private key is stored in some specific path, you should use the command below:
ssh -i /path/id_rsa jaylin@ipaddress
If you still run into strange problems, try deleting the known_hosts file under C:\Users\username\.ssh.