3 Ways to Generate SSH Keys on Windows

If you do your work via cloud computing, accessing remote servers that are not on your current or home network, you are probably already familiar with SSH or Secure Shell Keys. Because SSH keys are many times more secure than a traditional username and password combination, they are often used to access workstations that rely on remote servers. SSH keys provide easy and secure access to employees or other people they authorize to log in to the server.

Another advantage of SSH keys is their quick creation, which can be done in minutes and without complicated procedures. All of this can be done with a simple Windows computer, and that’s exactly what we’ll cover in this article. Let’s go!

What is SSH Keygen?

SSH keygens can be considered a more sophisticated and much more secure version of traditional username and password access. SSH keys are generated individually for each user using different algorithms and are highly randomized to ensure data protection.

SSH keygens are generally used to access cloud servers securely. However, they can also be used in other workplaces to grant access to users and employees, e.g., in data centers, companies, and more. Keygen creation can be performed on a Windows machine using the three methods described below.

How Does SSH Keygen Function?

Before you learn how to create SSH keys, it’s important to have a brief idea of how they work. When generating SSH keys, you basically create a key pair – a public and a private one. As the name suggests, private keys should not be shared with others.

The public keys, on the other hand, are located on the server of the other party, be it your employer or your company. In this way, the public and private keys can establish a connection between the accessing computer and the central server and communicate with each other. If the lock and the key match, you will be granted access.

Generate SSH Keys Using Command Prompt

The Windows command prompt is the best way to do such things, as it’s built into the system by default. Creating SSH keys takes a few steps at most, and you don’t need any additional tools.

Windows 11 comes with Windows Terminal by default, but we recommend downloading it from the Microsoft Store if you’re using an older version. It can run the Command Prompt, Windows PowerShell, and Windows Subsystem for Linux while offering a much cleaner and more user-friendly interface.

1. Press the Windows key and search for Terminal. To proceed using Command Prompt natively, search for cmd instead.
   
2. Type ssh-keygen and press Enter.
   
3. You’ll be prompted to enter the save path of your choice and the name of the file to be saved. You can skip the first point and save the keys to your PC’s default location, which is usually the C drive. Don’t worry; the location of the file will be displayed next to it.
   
4. You’ll be prompted to enter a passphrase for additional protection. Again, you cannot secure the keys with a passphrase, but we strongly advise against it. Then press the Enter key.
   
5. Enter the passphrase again to confirm it.
   
6. A confirmation message will appear stating that your keys have been generated and saved in the specified location.
   

By default, Windows 11 generates keys that follow the 2048-bit RSA algorithm. However, if you need SSH keys based on a different algorithm, add -t (name of the algorithm) after the first command in the second step. For example, GitHub recommends using the ed25519 algorithm, so you must type ssh-keygen -t ed25519 to generate the respective keys.

In addition, not just one but two files are saved in the specified location – one without and one with the extension .pub. As the name suggests, the file with the .pub extension is the public key, while the file without the extension is the private key of the generated SSH keys. Of course, you mustn’t share the private key with others.

Generate SSH Keys Using WSL

If you like to go the Linux way, then Windows Subsystem for Linux is for you. Although the process is more or less similar, it is recommended for those who are well-versed in the world of Linux. If not, you should stick to the first method.

As a prerequisite, you will need the Windows Subsystem for Linux (WSL) on your Windows 10 PC, which you can download from the Microsoft Store. Windows 11 users do not need to download the WSL tool as the built-in Windows Terminal is well-supported to run WSL commands within the app. As mentioned above, you can download Windows Terminal from the Microsoft Store if you are using an older version of Windows.

1. Open Windows Terminal. Alternatively, you can also open a Command Prompt window within WSL.
   
2. Unlike the first method, you will have to state the algorithm of the keys to be generated. For example, to generate an RSA-4096 key, type ssh-keygen -t rsa -b 4096 “your@email.address” and press Enter. Putting your email address is essential for easy identification. It can be skipped if you are generating the keys using Windows Terminal, as Windows automatically captures your PC’s name and username.
   
3. Enter the file’s location to be saved and provide a passphrase if required. You can choose to stick to the defaults by pressing Enter.
   
4. Confirm your passphrase by typing it again and press Enter.
   

Generate SSH Keys Using PuTTY

For years, PuTTY was the best solution for establishing communication between servers and computers. Although the SSH client is still in use, it is no longer as widespread. Nonetheless, PuTTY is still a capable SSH key generator, so you can give it a try if the above methods fail you for some reason. Before proceeding, download and set up the PuTTY client for Windows. PuTTY can also be downloaded from the Microsoft Store.

1. Press the Windows key and search for PuTTYgen. Open it.
   
2. You will have to select the type of SSH keys to be generated. Select the required key type and enter the bit value under the Parameters section. For instance, choose RSA and enter 4096 to create keys of RSA-4096 type. EdDSA type can be further configured using the dropdown menu beside it to incorporate 255 bits and form keys of Ed25519 type.
   
3. Select Generate.
   
4. The PuTTY generator will prompt you to randomly move your cursor into the empty area to increase the randomness of the key, which in turn increases its strength.
   
5. After the key has been generated, you can specify a passphrase. Confirm the passphrase by entering it again in the following input field.
   
6. Click on Save Public Key to save the public key at your chosen location. The file name should have the extension .pub at the end.
   
7. Save the private key by clicking Save Private Key. You’ll come across a warning if you do not set a passphrase; select Yes to proceed regardless.
   

Note that the default private key only works with PuTTY’s proprietary client. If your workstation does not work with the PuTTY client, it is, therefore, best to export in OpenSSH format to ensure universal compatibility. To do this, select Conversions in the last step and click on the Export OpenSSH key.

How to Generate Multiple Keys?

If you need multiple SSH keys to log in to different servers, you can easily generate multiple keys. To do this, you can repeat any of the above processes and create more SSH keys but don’t forget to label the file names accordingly or save them under unique names to avoid confusion. So that you don’t forget the passphrases of the keys, take a look at the Best Free Password Managers to save the passphrases of the generated keys.

Remember that you must transfer your keys manually when you switch to a new PC. Otherwise, you will lose access to your servers and locations. You can always generate new keys on your new PC, but this is tedious if you already have an extensive key library.

Generate SSH Keys Easily

That’s it, folks! The process of generating SSH keys is easy, and thanks to official and integrated platforms like Windows Terminal, you don’t even need to download a separate app or software. Other platforms like WSL and PuTTY are just as easy to use and effective. Don’t forget the passphrases of the keys, and keep your keys safe by not sharing them with others.

FAQs about SSH Keygens

1. What is SSH keygen?

SSH keygen is a modern replacement for the traditional username and password duo. Technically, SSH keys are virtual keys that are generated, matched, and used to access remote cloud platforms, sites, and servers. It consists of two keys – one public and one private, the first of which resides on the server, while the second grants access when properly matched.

2. Am I bound to provide a passphrase?

No, the creation of SSH keys does not require a passphrase by default. However, as SSH keys are sensitive and can easily be misused, you should make sure that they are stored securely. Remember: The more SSH keys you create, the more passphrases you need to remember for each one.

3. Why are two files getting generated for a single SSH key?

Each SSH key consists of a pair of related files. One has the extension .pub, and the other has no extension. The public key acts like a lock and is transmitted to the central server you want to log in to, while the private key is used as a literal key to access the desired page.

4. How can I generate SSH keys if I am used to Linux?

The Windows Subsystem for Linux, WSL for short, enables the native generation of SSH keys. In addition, the Windows Terminal, which supports WSL commands, can also be used to create Linux-style keys. You may have to plan for a few extra steps, but you’ll reap the added benefits of granular control and familiarity with Linux.

5. How can I transfer SSH keys if I’m upgrading to a new PC?

If you’re upgrading to a new PC and want to transfer your SSH keys, there’s only one way out: you have to transfer them manually to your new PC. If you forget to do this, the generated keys will be completely deleted. If you do not have an extensive library with many SSH keys, you can create new keys on your new PC at any time.

6. How do you locate SSH keys afterward?

Whether Windows Terminal or WSL, you will be shown the exact location of the SSH key you created. If you exit the program without checking, you will need to enter some commands in Windows Terminal. Enter ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub to search for private and public SSH keys, if available.