Windows 11 Optimization & SSH Setup#

This guide covers privacy hardening by disabling the “Recall” feature and setting up SSH keys for remote access to your homelab infrastructure.

1. Managing Windows Recall (AI Privacy)#

Windows Recall captures snapshots of your screen to help you find things you’ve seen. For increased privacy, you can manage this feature via the Deployment Image Servicing and Management (DISM) tool.

Check Status#

Run Command Prompt (CMD) as Administrator and execute:

Dism /Online /Get-Featureinfo /Featurename:Recall

Disable Recall#

To remove the feature from the current online image:

Dism /Online /Disable-Feature /Featurename:Recall

Enable Recall#

If you need to restore the feature:

Dism /Online /Enable-Feature /Featurename:Recall

2. Generate SSH Keys#

To connect securely to your Proxmox nodes, TrueNAS, or VPS without passwords, generate an Ed25519 key pair (recommended for security and speed).

Step 1: Open PowerShell#

Right-click the Start button and select Terminal or PowerShell.

Step 2: Run Key Generator#

ssh-keygen -t ed25519 -C "marc@windows11-desktop"

Step 3: Locate Your Keys#

By default, your keys are stored in your user profile:

  • Public Key: C:\Users\marc\.ssh\id_ed25519.pub (Share this with servers)
  • Private Key: C:\Users\marc\.ssh\id_ed25519 (Never share this)

Step 4: Copy Key to a Server#

You can use the type command to display the key so you can copy/paste it into a server’s authorized_keys file:

cat ~/.ssh/id_ed25519.pub

If you frequently use SSH on Windows, consider enabling the OpenSSH Authentication Agent service to manage your passphrases so you only have to enter them once per session.

Set-Service ssh-agent -StartupType Automatic
Start-Service ssh-agent
ssh-add ~/.ssh/id_ed25519
Backward Wake-on-LAN (WOL) Configuration & Inventory Backup Scripts Migration Tracker Forward