If part of your life involves logging into a remote server, whether it’s your own blog, installing Nextcloud, or pushing the latest changes to GitHub, you need SSH keys. In Windows 10 and 11, we’re spoiled for choice when it comes to generating new keys.
Here’s how to create all the SSH keys you’ll ever need using three different methods. We’ll show you how to generate an initial set of keys, as well as additional ones if you want to generate different keys for multiple sites.
Windows 10 has had a built-in OpenSSH client since the April 2018 update. Windows 11 also has a built-in feature.
To use it, open the Windows Command Prompt by pressing the Windows key and typing “cmd”.
Advice. If you use the command line a lot, we highly recommend installing Windows Terminal from the Windows Store (it’s installed by default on Windows 11). It is a tabbed program that can run Command Prompt, PowerShell, and Windows Subsystem for Linux in the same window. It also has fun features like setting background images.
Whether you are using the command line or the Windows terminal, type
ssh-keygenand press Enter. This will automatically generate SSH keys. In our tests on Windows 11, it generated a 2048-bit RSA key. If you want to use a different algorithm – for example, GitHub recommends Ed25519 – enter
ssh-keygen -t ed25519.
After you type your command press Enter and you will be prompted to give the key a name and save it to a specific location. If you use the defaults, your keys will be preserved
C:\User[YourUserName].ssh– provided that your user account is stored on the C drive.
Next, you will be asked to enter a passphrase. We strongly recommend that you do this to keep your key safe. If you’re worried about forgetting your password, check out Review Geek’s roundup of the best password managers . If you really don’t need the passphrase, just press Enter.
That’s it, your keys are created, saved and ready to use. You will see that you have two files in the “.ssh” folder: “id_rsa” without the file extension and “id_rsa.pub”. The latter is the key that you upload to the servers for authentication, while the former is the private key that you don’t share with others.
Note. If you can’t see your “.ssh” folder in File Explorer, check out our guide on how to show hidden files and folders in Windows.
If you want to generate multiple keys for different sites, that’s easy too. Say for example you wanted to use the default keys we just created for your server at Digital Ocean and you wanted to create a different set of keys for GitHub. You will follow the same process as above, but when it comes time to save your key, you will simply give it a different name, like “id_rsa_github” or something similar. You can do this as many times as you like. Just remember that the more keys you have, the more keys you have to manage. When you move to a new computer, you need to move these keys along with your other files or you risk losing access to your servers and accounts, at least temporarily.
If you are a WSL user, you can use a similar method when installing WSL. In fact, it’s basically the same as the command line version. Why would you want to do that? If you mainly live on Linux for command line work, then it makes sense to store your keys in WSL.
Open a Windows terminal or the built-in Ubuntu command line (assuming you have installed Ubuntu Linux). Then it’s very similar to Windows. Unlike on Windows, it’s better to specify if you need an RSA key or something like Ed25519.
Let’s say you wanted to create an RSA-4096 key. You must enter the following command:
ssh-keygen -t rsa -b 4096
If you need Ed25519, the recommended way is as follows:
ssh-keygen -t ed25519 -C "firstname.lastname@example.org"
It’s recommended that you add your email address as an identifier, although you don’t need to do this on Windows as the Microsoft version automatically uses your username and your PC name for this.
Again, to generate multiple keys for different sites, just mark something like “_github” at the end of the filename.
For years, the old school PuTTY program has been a popular way to communicate with a server on Windows. If you already have this program on your system, it also offers a way to generate SSH keys.
PuTTY comes with a number of utility programs, one of which is called the PuTTY key generator. To open it, search for it by pressing the Windows key and typing “puttygen” or search in the start menu.
Once it opens, at the bottom of the window you will see different types of keys to generate. If you are not sure what to use, select “RSA” and then in the “Number of Bits in Generated Key” input box, enter “4096”. Another alternative is to select “EdDSA” and then in the drop-down menu that appears below it, make sure “Ed25519 (255 bit)” is selected.
Now all you need to do is click on “Create” and PuTTY will start working. This shouldn’t take too long, depending on the power of your system, and PuTTy will ask you to move your mouse inside the window to create a bit more randomness during key generation.
After that click “Save Public Key” to save the public key and save it where you want with the name “id_rsa.pub” or “id_ed25519.pub” depending on whether you chose RSA or Ed25519 on the previous step.
Then, an extra step is required to get your private key. By default, PuTTY generates PPK keys for use with the PuTTy client. However, if you need OpenSSH, select “Conversions” > “Export OpenSSH Key” at the top of the window, and then save the file as “id_rsa” or “id_ed25519” without ending the file.
Generating SSH keys is very easy, whichever method you choose. We recommend using the Windows command line option if you don’t already have PuTTY installed, or if you prefer Linux and don’t understand the system.