Generate SSH keys in Windows 10 and Windows 11 - WindowsTips.net - Windows Tips and Tricks with Geek

Thursday, November 18, 2021

Generate SSH keys in Windows 10 and Windows 11

 

Laptop screen showing SSH connection

Option 1: Generate Keys in the Command Line

Windows 10 has had a built-in OpenSSH client since the April 2018 update. Windows 11 also comes with this feature built-in.

To use it, open the Windows Command Prompt by hitting the Windows key and typing “cmd”.

Whether you use Command Prompt or Windows Terminal, type ssh-keygen and hit Enter. This will automatically generate the SSH keys. In our tests on Windows 11, it created a 2048-bit RSA key. If you’d like to use a different algorithm—GitHub recommends Ed25519, for example—then you’d type ssh-keygen -t ed25519.

A Windows Terminal window showing the command prompt with ssh-keygen command

After you type your command and hit Enter, you’ll be prompted to give your key a name and save it in a specific location. If you use the defaults, it will save your keys in C:\Users\[YourUserName]\.ssh, assuming the C drive is where your user account is stored.

Windows 11 Command Prompt displaying the option of where to save SSH keys.

Next, you’ll be asked to enter a passphrase. We highly recommend you do this to keep your key secure.

The Windows 11 Command Prompt asking to create a password for the newly created SSH key.

That’s it: your keys are created, saved, and ready for use. You will see two files in your “.ssh” folder: “id_rsa” with no file extension and “id_rsa.pub.” (If you chose Ed25519, the files are named “id_ed25519” and “id_ed25519.pub” instead.) The latter is the public key you upload to servers to authenticate, while the former is the private key that you don’t share with others.

A command line window showing all the commands to create SSH keys

If you wanted to create multiple keys for different sites, that’s easy too. Say, for example, you wanted to use the default keys we just generated for a server you have on Digital Ocean, and you wanted to create another set of keys for GitHub. You’d follow the same process as above, but when it came time to save your key, you’d just give it a different name such as “id_rsa_github” or something similar. You can do that as many times as you like. Just remember that the more keys you have, the more keys you have to manage. When you upgrade to a new PC, you need to move those keys with your other files or risk losing access to your servers and accounts, at least temporarily.
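To check what you actually generated (key type, RSA size, and whether a passphrase protects the private key), the following Python is an added example and not part of the original article. It parses the text of a “.pub” line and of a private key file; the function names and the sample data are constructed for illustration, and in practice you would pass in the contents of the files in your “.ssh” folder.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # start of an OpenSSH-format private key

def pack_string(data):
    """SSH wire string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:off + 4 + n], off + 4 + n

def public_key_info(line):
    """Return (type, RSA modulus bits or None) for one line of a .pub file."""
    blob = base64.b64decode(line.split()[1])
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return ktype.decode(), None  # size is reported for RSA only
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return "ssh-rsa", int.from_bytes(modulus, "big").bit_length()

def private_key_has_passphrase(text):
    """True if the private key file content is passphrase-encrypted."""
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        return "ENCRYPTED" in text  # older PEM files say so in their headers
    body = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    raw = base64.b64decode(body)
    if not raw.startswith(MAGIC):
        raise ValueError("not an OpenSSH private key")
    cipher, _ = read_string(raw, len(MAGIC))
    return cipher != b"none"

# Constructed sample data below, not real keys (placeholder modulus, header fields only).
def sample_public(bits=2048):
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = pack_string(b"ssh-rsa") + pack_string(b"\x01\x00\x01") + pack_string(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@pc"

def sample_private(cipher):
    raw = MAGIC + pack_string(cipher) + pack_string(b"none" if cipher == b"none" else b"bcrypt")
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(public_key_info(sample_public()), private_key_has_passphrase(sample_private(b"none")))
```

A private key that reports no passphrase is usable by anyone who can read the file, so that is the result to look for first.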

Option 2: Generate Keys in WSL

The WSL Ubuntu command line showing virtually the same SSH key creation process as the Windows Command Prompt.

If you’re a WSL user, you can use a similar method with your WSL install. In fact, it’s basically the same as with the Command Prompt version. Why would you want to do this? If you primarily live in Linux for command line duties then it just makes sense to keep your keys in WSL.

Open up Windows Terminal or the built-in Ubuntu command prompt (assuming you installed Ubuntu Linux). Then it’s very similar to Windows. Unlike Windows, it’s best to specify whether you want an RSA key or something like Ed25519.

Say you wanted to create an RSA-4096 key. You’d type in the following command:

ssh-keygen -t rsa -b 4096

If you wanted Ed25519 then the recommended way is as follows:

ssh-keygen -t ed25519 -C "your@email.address"

It’s recommended to add your email address as an identifier, though you don’t have to do this on Windows since Microsoft’s version automatically uses your username and the name of your PC for this.

Again, to generate multiple keys for different sites just tag on something like “_github” to the end of the filename.

Option 3: Generate Keys With PuTTY

For years, the old school PuTTY program was a popular way to communicate with a server in Windows. If you’ve already got this program on your system it also offers a method for creating SSH keys.

PuTTY comes with a number of helper programs, one of which is called the PuTTY Key Generator. To open it, either hit the Windows Key and type “puttygen,” or search for it in the Start menu.

PuTTY and its helper programs listed in the Windows 11 Start menu

Once it’s open, at the bottom of the window you’ll see the various types of keys to generate. If you’re not sure which to use, select “RSA” and then in the entry box that says “Number Of Bits In A Generated Key” type in “4096.” Another alternative is to select “EdDSA,” and then from the drop-down menu that appears below it make sure “Ed25519 (255 bits)” is selected.

PuTTY Key Generator with red arrows pointing at the key creation options at the bottom of the window.

Now, all you have to do is click “Generate,” and PuTTY will start working. This shouldn’t take too long depending on the strength of your system, and PuTTY will ask you to move your mouse around inside the window to help create a little more randomness during key generation.

Once that’s done, click “Save Public Key” to save your public key, and save it where you want with the name “id_rsa.pub” or “id_ed25519.pub” depending on whether you selected RSA or Ed25519 in the earlier step.

Click the 'Save public key' button in PuTTY.

Getting your private key takes an extra step. By default, PuTTY generates PPK keys for use with the PuTTY client. If you want OpenSSH, however, select Conversions > Export OpenSSH Key at the top of the window and then save the file as “id_rsa” or “id_ed25519” with no file ending.

Select the export SSH key option in PuTTY.

Generating SSH keys is really easy whichever method you choose. We’d recommend going with the Windows Command Prompt option unless you already have PuTTY installed, or prefer Linux and understand that system.
