Windows 10 SSH client: password-less access

windows-10 keychain ssh openssh

I'd like to purely use the SSH client built-in to Windows 10 - no plink, no putty.

I easily can login to my server using

$ ssh user@server

but it always asks me for my password. When using a private key

$ ssh user@server -i %USERPROFILE%\.ssh\id_rsa

it also asks me for the passphrase. Is the Windows SSH client capable of storing the credentials somewhere like macOS in the keychain?


As an addition to the answer by Thomas S., I found a way Windows can remember the passphrase, even after reboot. This uses PowerShell.

Run this in an elevated PowerShell Session (= run as admin):

Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service

(Or you can do that with the GUI if you know how. It basically makes the ssh-agent start automatically.)

Optional for Git

In order to make Git recognize all these settings, you need to tell Git to use the internal OpenSSH instead of its own. (Yes, in case of Git there are two OpenSSH instances now)

git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe

(Use forward-slashes / or double backslashes \\ in this path)

By doing that also Git (including all Git clients) has access to the stored passphrase.

Source: https://github.com/dahlbyk/posh-git/issues/640#issuecomment-435515055


  • be sure the optional Windows feature "OpenSSH Client" is installed
  • ensure the service "OpenSSH Authentication Agent" has at least the "manual" startup type (by default: disabled)
  • start the service, e.g. by invoking ssh-agent (if you get the output "unable to start ssh-agent service, error :1058", the service most likely is in "disabled" state)
  • tell it about the private key file: ssh-add <path-to-private-key-file>
  • now ssh user@server works without asking for the passphrase

Unfortunately, I have not found a way to let it remember the private key and passphrase after reboot.


Generate your key without a passphrase

...> ssh-keygen

then make sure the public key is placed within the authorized_keys file under the .ssh directory of the target machine. I did this by hand. I don't remember the details I used one of the many online examples of how to do this

then when you run

...> ssh -i <private_key_file> squidward@bikinibottom

you will not be prompted for a passphrase

Related

What specifically changes in the Windows environment when opening the control alt delete menu?
Copy all files and folders excluding subversion files and folders on OS X
Mac OS X keyboard shortcut to switch between windows [duplicate]
check if my ethernet controller supports gigabit Ethernet
Google Chrome and Firefox cache in Ubuntu?
Is there any way to limit FFmpeg’s memory usage?
How incoming traffic pass through a port with no port forwarding in home router
Cannot rename backup of Desktop folder
Dropbox sync: deleting files locally and not from dropbox
Getting data off a dying Buffalo Linkstation Live (LS-CHL) NAS
Most resilient container for archiving many small files
How can I display a tooltip message on hover using jQuery?