Configuring SSH - barkwoofdog/howtowithdog GitHub Wiki

Why Do This?

We are generating SSH keys because we want to authenticate to the host solely with an SSH key. Since we are hosting this on the public Internet, it will be hammered by scanners and brute-force attempts constantly. Having a secure SSH key and allowing only SSH key authentication eliminates a lot of those problems.

Generating Keys on Windows

In the Windows Terminal (which, by the way, is great, as is WSL) we can generate the SSH keys we will use to access our remote host. You can use really any key algorithm that you want to. Windows uses OpenSSH just like *nix hosts, so feel free to check the manual for the following command. Run:
ssh-keygen -t rsa -b 4096
You should be met with something like this. You can add a passphrase if you want to.

This key can be found in the .ssh\ directory inside your Windows user folder. While you can just copy and paste to add the key, let's do it the fancy way.

Run the following, substituting as needed. You can use root or the user that you created. Be sure to be in the .ssh directory, or specify the file location of the public key.
scp yourkey.pub user@remotehost:

This file will be copied to the home directory of the user you chose.

Configuring Remote Host

If your key was transferred to the root user's folder, you will need to move it to the home directory of the user that you created earlier. From this point we will be creating the authorized keys file. Once in your user's home directory, use ll to see whether the .ssh/ directory exists. If not, run
mkdir .ssh
to create it. After this, we will create the authorized_keys file and add the key to it:

touch .ssh/authorized_keys
cat yourkey.pub >> .ssh/authorized_keys

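Check the contents of the authorized_keys file to make sure it matches the public key file that you created on Windows. The .ssh directory and the authorized_keys file must be owned by that user and not writable by anyone else, or sshd (with its default StrictModes setting) will ignore the key.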

sshd Configuration File

Now is where the rubber will meet the road. We need to edit the SSH daemon's configuration. Run
sudo nano /etc/ssh/sshd_config

If you see this

You're in the right place. We need to change a few values like PermitRootLogin, PubkeyAuthentication and a few others. The images that follow will reflect the verification and changes that need to be made to this file. They are in the order that you scroll.

After changing and confirming all of the above, save and exit the file.
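
One way to confirm the saved file enforces key-only login before restarting the service, as an added example that is not from the original page. The wanted values (PermitRootLogin no, PubkeyAuthentication yes, PasswordAuthentication no) are assumptions based on the goal stated under Why Do This?, and sshd_value and audit_sshd_config are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: audit the global section of an sshd_config for key-only login.
# The wanted values are assumptions drawn from the page's stated goal.

# Effective global value of a keyword. sshd keeps the FIRST value it reads,
# keywords are case-insensitive, and Match blocks end the global section.
# Assumes the whitespace-separated "Keyword value" form; Include is not followed.
sshd_value() {  # usage: sshd_value KEYWORD FILE
  awk -v key="$1" '
    /^[ \t]*#/ || NF == 0       { next }
    tolower($1) == "match"      { exit }
    tolower($1) == tolower(key) { print tolower($2); exit }
  ' "$2"
}

# Returns 0 only if every check passes.
audit_sshd_config() {  # usage: audit_sshd_config FILE
  audit_rc=0
  # columns: keyword, wanted value, OpenSSH default when the keyword is unset
  while read -r kw want default; do
    got="$(sshd_value "$kw" "$1")"
    got="${got:-$default}"
    if [ "$got" = "$want" ]; then
      echo "ok    $kw $got"
    else
      echo "FAIL  $kw is '$got', want '$want'"
      audit_rc=1
    fi
  done <<'EOF'
PermitRootLogin no prohibit-password
PubkeyAuthentication yes yes
PasswordAuthentication no yes
EOF
  return "$audit_rc"
}

# Constructed sample: the later "no" is ignored because "yes" was read first.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
# constructed sample, not a real host's file
PermitRootLogin no
pubkeyauthentication yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample is not key-only"
rm -f "$sample"
```

On the host itself, sudo sshd -t validates the file's syntax and sudo sshd -T prints the effective settings, including any Include files, so run both before restarting.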

Now, restart the ssh service by running
sudo systemctl restart sshd

IMPORTANT

Before you disconnect your current session, open a new tab/window of the terminal on your Windows host and attempt to connect using the key you generated. Substitute the key file and host in the following as needed:
ssh -i .ssh/mykey user@host

If this is working, then congratulations!

Proceed to: Configuring Wireguard