Skip to main content

Generating a SSH key: Windows

Windows PowerShell

Follow the steps below to use ssh-keygen to create a public-private key pair.

  1. Open the Windows Start menu.

  2. Type "PowerShell" in the search bar in the Start menu.

  3. In the right panel, click the "Open" button for the PowerShell app. This will open a window for the PowerShell application.

  4. In the PowerShell application, run ssh-keygen.exe.

  5. Follow the on-screen instructions.

    1. Enter a path to save the key pair. Typically, the default location for key pairs is %HOMEPATH%\.ssh\id_rsa.
    2. Optionally, enter and re-enter a passphrase for the key pair. If you enter a passphrase, you will have to enter it each time you want to use the key pair.

    The private key will be saved to the path entered in Step i, such as %HOMEPATH%\.ssh\id_rsa. The public key will be saved to the path entered in Step i appended with the .pub extension, such as %HOMEPATH%\.ssh\id_rsa.pub.

Add your SSH key to your SSH agent

To enable your SSH client to automatically use your key to connect to workstations, follow the instructions below to add your key to your SSH agent.

  1. Open the Windows Start menu.
  2. Type "PowerShell" in the search bar in the Start menu.
  3. In the right panel, click the "Run as Administrator" button for the PowerShell app. This will run a PowerShell session with elevated privileges, which are necessary to manage keys.
  4. Run the following command to install the SSH-Agent service and configure it to automatically start it when Windows boots.
    Install SSH-Agent
    Get-Service ssh-agent | Set-Service -StartupType Automatic -PassThru | Start-Service
  5. Run the following command to add your SSH key to the SSH-Agent service. Change the path below to the path of your private key.
    Add SSH key
    ssh-add $HOME\.ssh\id_rsa

PuTTY

After downloading and installing PuTTY, follow the steps below to use PuTTYgen to create a public-private key pair.

  1. Open the Windows Start menu.
  2. Type "PuTTYgen" in the search bar in the Start menu.
  3. In the right panel, click the "Open" button for the PuTTYgen app. This will open a window for the PuTTY Key Generator application.
  4. In the PuTTY Key Generator window, click the "Generate" button. By default, the PuTTY Key Generator will generate an 2048-bit RSA key.
  5. Move your mouse within the blank area of the PuTTY Key Generator window to generate random data.
  6. Click the "Save public key" button and save the key to a location such as %HOMEPATH%\.ssh\id_rsa.pub.
  7. Click the "Save private key" button and save the key to a location such as %HOMEPATH%\.ssh\id_rsa.ppk.

Converting an OpenSSH key for use with PuTTY

caution

Keys generated with OpenSSH are not compatible with PuTTY. If your private key file does not have the .ppk extension, it first needs to be converted to PuTTY's format.

  1. Open the "PuTTYgen" application.
  2. In the top menu, select "Conversions" then "Import key".
  3. Select the private key file that you wish to convert. The key information should be loaded in the window.
  4. Click the "Save private key" button to save your key to PuTTY's .ppk format.
  5. If you receive a warning about not using a passphrase, click the "Yes" button.
  6. Select a file name for the converted key. You can use the same name as the input key, with the .ppk extension.
  7. Click the "Save" button.