Product Documentation

Windows OpenSSH

The following section describes how to configure OpenSSH on Windows 10 with an Idem Key, TrustKey G310, or Yubikey 5 NFC FIPS.

 

  1. Windows 10 comes installed with OpenSSH by default, but it is a version that does not support Security Keys. You must get the latest version of OpenSSH for Windows. Search for Apps & Features in the Windows search bar and go to Optional Features.

  2. Search for OpenSSH and uninstall any instances of it. Then, download the .msi installer for the latest version of OpenSSH from here. Install OpenSSH using the installer. Search for Environment Variables in the Windows search bar and open it.


  3. It should open a window that looks like this. Select the “Path” variable and click on “Edit…” A new window will open.


  4. Create a new variable in this window that leads to the installation folder of OpenSSH. By default, it should be located in Program Files. You will then need to reboot the computer. After rebooting, open Windows Powershell and input this command in the terminal:
    shell> ssh -V
    The version of ssh should be displayed. Make sure it is at least OpenSSH 8.2.


  5. Now run this command:
    shell> ssh-keygen -t ecdsa-sk
    This should put you through the process of generating a Windows Security Key keypair.
  6. A window will appear requesting you to set up your Security Key.


  7. Click on “OK”. You will be asked to continue the setup.


  8. Click on “OK”. Windows will ask you for the User PIN on the Security Key. Input the PIN and click “OK”.


  9. Finally, you will be asked to touch the Security Key.


  10. Touch the Security Key and the keypair will be created.


  11. Change directories to the location that the public key was saved to and run this command in the Powershell terminal.
    shell> Get-Content .\id_ecdsa_sk.pub
    It will output the contents of the public key to the terminal.


  12. Copy the contents of the public key and put it into the authorized_keys file of the remote server. Then, restart sshd on the remote server using this command:
    shell> sudo service sshd restart
  13. You may now attempt to ssh into the remote server using Windows Powershell. If there is a password on the private key that was generated then you will have to input it first. After that, it will prompt you to touch your Security Key.


  14. Touch the Security Key and you will be logged into the remote server.