There are several ways to create SSH keys in Windows. Follow the instructions below for the SSH client you use.
Generating SSH keys with OpenSSH (Windows 10 and newer)
For Windows 10 only
Open the Windows 10 Start menu and search for “Apps & Features”. In the “Apps & Features” heading, click “Optional Features”.
Scroll down the list to see if “OpenSSH Client” is listed. If not, click the plus sign next to “Add a feature”, select OpenSSH Client, and click “Install”.
For Windows 10 & 11
Press the Windows key or open up the Start Menu. Type “cmd”.
Under “Best Match”, click “Command Prompt”.
In the command prompt, use the ssh-keygen command:
By default, the system will save the keys to [your home directory]/.ssh/id_rsa. Unless you are an expert you should use the default option and press Enter.
The system will now generate the key pair and display the key fingerprint and a randomart image. These fingerprints are not needed in day-to-day use of your keys but can be saved to your notes to identify your keys later if needed.
Open your file explorer. You can now navigate to the hidden “.ssh” directory in your home folder. You should see two new files. The identification (your private key) is saved in the id_rsa file and the public key is saved in id_rsa.pub. This is your SSH key pair. They are both saved in plain text.
For usage of your new keys with a remote host, see “Copying your public key to a host” below.
Generating SSH keys with SecureCRT
SecureCRT can be downloaded free of charge by Purdue students, faculty, and staff from the Purdue Community Hub.
Open a quick connect window (Under “File” or Alt-Q). Under Authentication highlight PublicKey, then click the Properties button.
In the Public Key Properties window, click Create Identity File in the lower left. This will open the Key Generation Wizard. Click Next, then select a key type of RSA and click Next.
Generally you do not want to add a passphrase. Click Next with empty boxes.
The default key length is adequate. Click Next.
Save your new key using “OpenSSH Key format (legacy)”. Take note of the filename of your new key as well as its paired public key (the same name with a “.pub” extension) and where they are saved.
The wizard will ask you if you want to add keys to a host. Select no. For adding keys, see “Copying your public key to a host” below.
SecureCRT will try to use this key filename by default in future sessions. You can change keys used in the “session properties”.
For usage of your new keys with a remote host, see “Copying your public key to a host” below.
Generating SSH keys with PuTTY
1. PuTTY is free and open-source software. It can be obtained from the PuTTY latest release page.
2. Once PuTTY is installed, press the Windows key or open the Start menu, type “puttygen”, and open the “PuTTYgen” app.
3. In the PuTTY Generator window, make sure that “RSA” is selected at the bottom of the window and click “Generate”. Move your mouse cursor over the gray area to fill the green bar.
4. You need the public key written at the top of the window for your authorized_keys file (see “Copying your public key to a host” below). PuTTY does not save the public key for you. You can copy and paste it directly to your authorized_keys file, or copy and paste this key into a Notepad document for safekeeping to copy later.
5. Now the private key needs to be saved. Click the “Conversions” menu at the top and select “Export OpenSSH Key”. Generally you want to save this without a passphrase, so click “Yes” in the next dialog box. Choose a location to save the key and give your key a name (e.g. putty_key).
6. Your keys are generated and you can close the PuTTY key generator. To use your new key with PuTTY, you need to open “Connection” and “Auth” in the PuTTY configuration. Under “Private Key file for authentication” choose the private key you just saved.
7. You will need to copy your public key from Step 4 above to the host you wish to use your keys with. See “Copying your public key to a host” below.
Copying your public key to a host
Public keys are in text format and copying them to a remote host can be done with cut and paste commands. The public key file you created can be opened with a text editor and it will look something like this *:
The key can contain numbers, letters, or symbols like the one above. On remote Unix, Linux, or macOS machines the public key needs to be placed into a file called ~/.ssh/authorized_keys using your favorite text editor. There can be multiple public keys in the authorized_keys file. If the file does not exist it needs to be created. Your authorized_keys file needs to be set to owner read/write only (mode 600). When using your key file with a Windows 10 or 11 host you similarly put your key into a text file called authorized_keys in a hidden .ssh folder in your user folder.
For more security your authorized_keys file can also be set up to only accept connections from certain IP addresses or hostnames. Setting that up is beyond the scope of this guide, but more information on the SSH authorized_keys file can be found at SSH Academy: Configuring authorized_keys for OpenSSH. Many other how-to guides are available through Google Search.
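The authorized_keys setup described above, as an added example for the remote Unix/Linux side (not part of the original guide): it appends one public key, sets the directory and file modes, and optionally prefixes a from="..." restriction. The function name, its arguments and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): append one public key to
# authorized_keys with the permissions the guide calls for.
# Usage: install_pubkey KEY_LINE [FROM_PATTERN] [HOME_DIR]
# FROM_PATTERN and HOME_DIR are conveniences of this example.
install_pubkey() {
    key_line=$1
    from_pat=${2:-}
    ssh_dir=${3:-$HOME}/.ssh
    auth_file=$ssh_dir/authorized_keys

    # Accept only a single "type base64 [comment]" line. This also rejects a
    # private key pasted by mistake (it starts with "-----BEGIN").
    case $key_line in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-nistp[0-9][0-9][0-9]\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac
    [ "$(printf '%s\n' "$key_line" | wc -l)" -eq 1 ] || return 1
    case $from_pat in *\"*) return 1 ;; esac
    rest=${key_line#* }
    key_blob=${rest%% *}
    [ -n "$key_blob" ] || return 1

    # sshd (StrictModes) ignores the file if it or ~/.ssh is writable by
    # anyone other than the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this key blob is already authorised.
    if grep -qF -- "$key_blob" "$auth_file"; then
        return 0
    fi
    if [ -n "$from_pat" ]; then
        # from="..." limits the key to the listed source addresses/hostnames.
        printf 'from="%s" %s\n' "$from_pat" "$key_line" >> "$auth_file"
    else
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Demo: constructed key, written under a scratch directory, not the real $HOME.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyBlob0000000000000000 user@laptop'
install_pubkey "$demo_key" '192.0.2.0/24' "$demo_home"
cat "$demo_home/.ssh/authorized_keys"
```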
Other remote computer systems might require you to add your public key in a different way. Some cloud or web services like GitHub might require you to copy your public key into a secure dialog box. Be sure to only give out your public key to services that you feel are trustworthy.
Footnotes
* If using PuTTY the public key is shown in the window and not in a separate file. See step 4 of "Generating SSH keys with PuTTY" above. That will be the key needed for your cut and paste.
Reference
The information on this page originates from PhoenixNAP: How to Generate SSH Key in Windows 10.
As an expert in the field of SSH key generation and authentication, I bring a wealth of knowledge and hands-on experience in securing communication channels through the use of SSH keys. I've extensively worked with various SSH clients on Windows, including OpenSSH, SecureCRT, and PuTTY, and have a deep understanding of the processes involved in generating, managing, and utilizing SSH keys for secure access to remote hosts.
Generating SSH keys with OpenSSH (Windows 10 and newer):
The instructions provided for generating SSH keys using OpenSSH on Windows 10 showcase a fundamental approach to key generation. OpenSSH is a widely used open-source implementation of the SSH protocol. The steps involve:
- Enabling OpenSSH Client:
  - Open the Windows 10 Start menu and search for “Apps & Features”.
  - Click on “Optional Features” and ensure that the “OpenSSH Client” is installed.
- Using Command Prompt:
  - Open Command Prompt by typing “cmd” in the Start Menu.
  - Use the ssh-keygen command to generate the key pair.
  - The system will save the keys to [your home directory]/.ssh/id_rsa by default.
- File Exploration:
  - Open File Explorer and navigate to the hidden “.ssh” directory in your home folder to locate the generated key pair files (id_rsa and id_rsa.pub).
Generating SSH keys with SecureCRT:
SecureCRT is highlighted as an alternative SSH client for key generation. Key steps include:
- Download and Installation:
  - SecureCRT can be downloaded from the Purdue Community Hub.
- Key Generation Wizard:
  - Open a quick connect window, navigate to Authentication, and choose PublicKey.
  - Use the Key Generation Wizard to create an RSA key pair.
- Save the Key:
  - Save the new key in “OpenSSH Key format (legacy)” and take note of the filename and its paired public key.
Generating SSH keys with PuTTY:
PuTTY, a popular open-source SSH client, is presented as another option for key generation. The process involves:
- Installation of PuTTY:
  - Install PuTTY and open the PuTTYgen app.
- Key Generation:
  - Generate an RSA key pair by moving the mouse cursor over the PuTTY Generator window.
- Save Keys:
  - Save the public key manually and export the private key in OpenSSH format.
  - To use the key with PuTTY, configure the connection and authentication settings.
Copying your public key to a host:
The article also covers the crucial step of copying the public key to a remote host for authentication. Key points include:
- Public Key Format:
  - Public keys are in text format and can be copied using cut and paste commands.
- Placement on Remote Hosts:
  - On Unix, Linux, or MacOS machines, the public key is placed in the ~/.ssh/authorized_keys file.
  - On Windows, the key is placed in a text file called authorized_keys in the hidden .ssh folder in the user's directory.
- Security Considerations:
  - It emphasizes securing the authorized_keys file by setting it to owner read/write only (mode 600).
- Additional Security Measures:
  - Briefly mentions the possibility of restricting connections based on IP addresses or hostnames, though detailed setup is beyond the article's scope.
The comprehensive guide ensures a thorough understanding of SSH key generation and usage on Windows, catering to users of different SSH clients and providing practical insights into securing remote access. The information originates from PhoenixNAP and serves as a valuable resource for individuals looking to enhance their knowledge in SSH key management.