Introduction
Secure Shell (SSH) is a method for establishing a secure connection between two computers. Key-based authentication uses a key pair, with the private key on a remote server and the corresponding public key on a local machine. When the keys match, access is granted to the remote user.
This guide will show you how to generate an SSH key pair in Windows.
Prerequisites
- A system running Windows 10 or Windows 11.
- A user account with administrative privileges.
- Access to the command prompt.
- A web browser to download PuTTY.
Generate SSH Key Pair in Windows via OpenSSH (ssh-keygen)
ssh-keygen is a command-line tool that is used to generate, manage, and convert SSH authentication keys. As of Windows 10, the OpenSSH client is included by default, which means you can use it directly from the Command Prompt or PowerShell.
Follow the steps below to use ssh-keygen for generating a key pair.
Step 1: Verify if OpenSSH Client is Installed
Start by checking to see if you have the OpenSSH client installed:
1. Open Settings and click System in the left panel.
2. Scroll down and click the Optional features heading.
3. Scroll down the list to see if OpenSSH Client is listed. If it is there, then OpenSSH has already been installed on your system, and you can move on to the next section.
If OpenSSH Client is not in the Added features list, click the View features button at the top to install OpenSSH Client.
4. Type OpenSSH in the search bar and check the box next to OpenSSH Client. Then, click Next to install the feature.
5. In the next window, click the Add button to confirm that you want to install OpenSSH Client.
Wait for the installation to complete, and you can move on to the next section.
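The same check can be done from an elevated PowerShell session. The script below is an added example, not part of the original guide; it also confirms that the ssh-keygen found first on the PATH is the copy in the Windows OpenSSH folder rather than one shipped by another tool.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell
# session: querying and adding Windows capabilities needs administrator rights.

# Look up the OpenSSH client capability; its full name carries a version suffix.
$cap = Get-WindowsCapability -Online -Name 'OpenSSH.Client*'
if (-not $cap) {
    throw 'The OpenSSH Client capability is not offered on this Windows build.'
}

if ($cap.State -ne 'Installed') {
    Write-Host "Installing $($cap.Name) ..."
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
} else {
    Write-Host "$($cap.Name) is already installed."
}

# Resolve the binary a bare "ssh-keygen" would start. -All returns every match
# in PATH search order, so a copy that shadows the Windows one is listed first.
$expected = Join-Path $env:SystemRoot 'System32\OpenSSH\ssh-keygen.exe'
$found = @(Get-Command ssh-keygen.exe -All -CommandType Application -ErrorAction SilentlyContinue)

if ($found.Count -eq 0) {
    Write-Warning 'ssh-keygen.exe is not on the PATH; open a new terminal and retry.'
} elseif ($found[0].Source -ne $expected) {
    Write-Warning "First ssh-keygen on the PATH is $($found[0].Source), not $expected"
} else {
    Write-Host "ssh-keygen resolves to $expected"
}
```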
Step 2: Use OpenSSH to Generate an SSH Key Pair
Follow the steps below to generate an SSH key pair via OpenSSH:
1. Press the Windows key and type cmd. Press Enter to open the Command Prompt.
2. In the command prompt, run the following command:
ssh-keygen
3. You can use the default name for the keys, or you can choose more descriptive names to help you distinguish between keys if you are using multiple key pairs. To stick to the default option, press Enter.
Note: If a file with the same name already exists, you will be asked whether you want to overwrite the file.
4. When prompted, enter a passphrase or hit Enter to skip this step. Repeat the process when prompted to re-enter the passphrase.
5. The system generates the key pair and displays the key fingerprint and a randomart image.
Generate SSH Key Pair in Windows via PuTTY
Before OpenSSH was included with Windows, the PuTTY tool was the gold standard for generating SSH keys. This section shows how to generate SSH keys with PuTTY.
Step 1: Install PuTTY
Follow the steps below to install PuTTY on Windows:
1. Open a web browser and navigate to the PuTTY download page. Download the MSI (Windows installer) for your system architecture (x86 or x64).
2. Double-click the downloaded file to start the installation wizard. When the PuTTY Welcome screen appears, click Next to start the installation.
3. Select the destination folder. Use the default installation configuration unless you have a specific need to change it. Click Next to move on to the next screen.
4. Select which PuTTY product features to install. If you do not have any specific needs, stick to the defaults. Click Next to proceed to the next screen.
5. Once the process completes, click Finish to exit the installation wizard.
Step 2: Create SSH Keys with PuTTY
The process outlined below generates RSA keys; RSA is a classic and widely used encryption algorithm. The PuTTY keygen tool offers several other algorithms: DSA, ECDSA, Ed25519, and SSH-1 (RSA). If you require a different encryption algorithm, select the desired option under the Parameters heading before generating the key pair.
The following table sums up the key differences between the available algorithms:
Algorithm | Key Size (bits) | Security Level | Speed | Use Case | Strengths | Weaknesses |
---|---|---|---|---|---|---|
RSA | 1024 - 4096 | High | Slow | Digital Signatures, TLS | Well-studied, widely used. | Potentially vulnerable to quantum computing attacks. |
DSA | 1024 - 3072 | Moderate to High | Fast | Digital Signatures | Faster than RSA. | Fixed key size. |
ECDSA | 256 - 521 | High | Very Fast | Digital Signatures | Smaller key size, high security. | Complex implementation. |
Ed25519 | 256 | Very High | Very Fast | Digital Signatures | High security, fast, small keys. | Newer, not widely supported. |
SSH-1 (RSA) | 768 - 2048 | Low to Moderate | Slow | Secure Shell (SSH) | Initial SSH protocol. | Deprecated, vulnerable. |
Follow the steps below to create SSH keys with PuTTY:
1. Press the Windows key and type puttygen. Press Enter to open PuTTY Key Generator.
2. In the PuTTY Key Generator window, click Generate. Move the cursor around in the gray box to fill up the green bar.
3. After the process completes, save the key pair. Click the Save public key button and choose a location to save the key. Give the key a name (e.g., putty_key.pub).
Repeat the process for the private key. You can also set a passphrase to further secure the keys.
Generate SSH Keys in WSL
Windows Subsystem for Linux (WSL) allows users to run a Linux environment without a separate virtual machine or dual booting. To generate SSH keys via WSL, first install the WSL feature on Windows. Our tutorial outlines the step-by-step process for installing WSL on Windows.
After you complete the installation, run the Command Prompt as an administrator and follow the steps below to create an SSH key in WSL:
1. In the WSL terminal, assuming you chose to install Ubuntu in WSL, run the following command:
ssh-keygen -t rsa
2. The system prompts you for the key location and name. Press Enter to accept the default value.
3. The next prompt is the passphrase, which can be left blank. Alternatively, set a passphrase to secure your key by requiring a password whenever it is accessed.
After you enter the necessary information, the utility creates the keys.
Where to Find Generated SSH Keys in Windows
By default, the system saves the keys generated with PuTTY and OpenSSH to C:\Users\your_username\.ssh\id_rsa. To find the keys, open the File Explorer and navigate to that folder.
You should see two files. The identification (your private key) is saved in the id_rsa file, and the public key is saved in the id_rsa.pub file. These two files are your SSH key pair.
Note: The public key is identified with the .pub extension. You can use Notepad to see the contents of both the private and public key.
If you used WSL to generate SSH keys, find them in the ~/.ssh directory accessible from the Ubuntu terminal or in the \\wsl$\Ubuntu\home\.ssh\ folder accessible with the Windows file explorer.
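Because every method above lets you skip the passphrase, it is worth checking which private keys on disk are actually protected. The script below is an added example, not part of the original guide: it reads the header of each OpenSSH, legacy PEM, or PuTTY .ppk private key and prints the fingerprint of the matching public key. Get-KeyProtection is a hypothetical helper name, and the default .ssh folder under the user profile is assumed.

```powershell
# Added example, not from the original guide. Get-KeyProtection is a
# hypothetical helper; the default %USERPROFILE%\.ssh folder is assumed.
function Get-KeyProtection {
    param([Parameter(Mandatory)][string]$Path)
    $lines = Get-Content -LiteralPath $Path
    $head  = $lines | Select-Object -First 1

    # PuTTY .ppk files name the cipher in a plain-text "Encryption:" header.
    if ($head -like 'PuTTY-User-Key-File-*') {
        $enc = $lines | Where-Object { $_ -like 'Encryption:*' } | Select-Object -First 1
        if ($enc -match '^Encryption:\s*none\s*$') { return 'unencrypted' }
        return 'encrypted'
    }
    # Current OpenSSH format: the base64 body starts with "openssh-key-v1" and
    # a NUL (15 bytes), then a 4-byte big-endian length and the cipher name.
    if ($head -eq '-----BEGIN OPENSSH PRIVATE KEY-----') {
        $b64 = -join ($lines | Where-Object { $_ -notlike '-----*' })
        $raw = [Convert]::FromBase64String($b64)
        if ($raw.Length -lt 19) { return 'not a private key' }
        $len = ([int]$raw[15] -shl 24) -bor ([int]$raw[16] -shl 16) -bor ([int]$raw[17] -shl 8) -bor [int]$raw[18]
        if ($len -lt 1 -or $len -gt ($raw.Length - 19)) { return 'not a private key' }
        $cipher = [Text.Encoding]::ASCII.GetString($raw, 19, $len)
        if ($cipher -eq 'none') { return 'unencrypted' }   # no passphrase was set
        return "encrypted ($cipher)"
    }
    # Legacy PEM keys mark encryption in the armor line or a Proc-Type header.
    if ($head -like '-----BEGIN*PRIVATE KEY-----') {
        if ($head -like '*ENCRYPTED*' -or ($lines -match '^Proc-Type: 4,ENCRYPTED')) { return 'encrypted' }
        return 'unencrypted'
    }
    return 'not a private key'
}

$dir = Join-Path $env:USERPROFILE '.ssh'
Get-ChildItem -LiteralPath $dir -File | Where-Object { $_.Extension -ne '.pub' } | ForEach-Object {
    $state = Get-KeyProtection -Path $_.FullName
    if ($state -eq 'not a private key') { return }   # skips known_hosts, config, ...
    $pub = "$($_.FullName).pub"
    # ssh-keygen -l prints the key size, fingerprint, comment and type.
    $fp = if (Test-Path -LiteralPath $pub) { ssh-keygen -lf $pub } else { 'no .pub file' }
    [pscustomobject]@{ Key = $_.Name; Protection = $state; Fingerprint = $fp }
}
```

A key reported as unencrypted can be given a passphrase in place with ssh-keygen -p -f followed by the key file path.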
Conclusion
This article has provided three methods of generating SSH key pairs on a Windows system. Use the SSH keys to connect to a remote system without using passwords.
Next, check out our guide for passwordless SSH login using SSH keys.