How to Generate an SSH Key in Windows: 2 Methods

How to Generate an SSH Key in Windows: 2 Methods

  14 Jan 2024

Key Takeaways

  • Generate an SSH key on Windows using Command Prompt or WSL. The OpenSSH client in Windows 11 makes it easy and secure, while this requires enabling optional features on Windows 10.
  • With Command Prompt or WSL, run “ssh-keygen” or “ssh-keygen -t ed25519” and enter the save location and passphrase (optional) to generate the key.


The SSH (Secure Shell) key is an authentication credential used with the SSH protocol for securing file transfers, connecting networks, and managing most large cloud services like AWS. You can generate them like passwords on Windows and create encrypted connections—here’s how.


How to Generate an SSH Key on Windows

The Secure Shell Protocol (SSH) is the best way to lock down an insecure connection between computers over the web. You should avoid using the protocol with a username and a password and instead opt for a cryptographically-generated SSH key.

Windows 11 comes with a built-in OpenSSH client. This makes it easy to generate SSH keys without using a third-party program. It should work the same way on Windows 10; if you have trouble, open the Windows optional features panel and enable OpenSSH Client option.

There are two ways to generate an SSH key on Windows—the Command Prompt and WSL (Windows Subsystem for Linux). Let’s start with the first method.

You might prefer the Windows Terminal as it provides a unified environment for command-line interfaces. It runs the Command Prompt, PowerShell, and the Windows Subsystem for Linux within a single window. This tool enhances versatility and simplifies tasks like generating SSH keys.

1. Generating an SSH Key Using the Command Prompt

To generate an SSH key on Windows using the Command Prompt, follow these steps:

  1. Run the Command Prompt as an administrator.
  2. In the Command Prompt, type the following and press Enter:
     ssh-keygen 
  3. The system will prompt you to enter a file location where the key should be saved.
  4. Press Enter to save the key at the default location (usually C:Usersyour_username/.ssh/id_rsa). You can also specify a different location if needed.
  5. You will be asked to enter a passphrase for the key. This is an optional step, but the passphrase adds a layer of security to your SSH key and protects it. If you don’t want a passphrase, hit Enter.
  6. Re-enter the passphrase (if you have chosen one) and press Enter. If you didn’t enter a passphrase, press Enter again.

The system will now generate your SSH key and provide you with a fingerprint and the location of the key. You can also view the key pair at the saved location.

In addition to RSA keys, you can also generate Ed25519 keys with it. The process is quite similar, with only a slight change to the command line. Instead of executing with ssh-keygen, run the following command:

 ssh-keygen -t ed25519 

The remaining steps are the same as for generating an RSA key. You’ll now have to enter a file location and set a passphrase (if desired), and the system will generate the key with a fingerprint and location.

The key fingerprint you receive is an identifier for your SSH key. You can use it to confirm authenticity when connecting to a remote server. When you generate an SSH key, two keys are generated—a private and a public key. You can distinguish these two keys by their extensions. The private key has no extension, while the public key ends with a .pub extension.

The private key is used for encryption and decryption and should be kept confidential. On the other hand, the public key is only used for encryption, and sharing it with others does not compromise the privacy of the private key.

2. Generating an SSH Key Using WSL

The second method to generate an SSH key is through the Windows Subsystem for Linux (WSL). But why would you choose WSL when you already have the Windows Command Prompt?

WSL provides a complete Linux environment within Windows to run Linux commands without installing a separate OS. This is useful for developers and system administrators working with Windows and Linux.

If you have trouble with this, see our guide to enabling WSL on Windows.

To start, follow these steps:

  1. Launch the WSL terminal.
  2. To generate an RSA-4096 key, type the following command and hit Enter:
     ssh-keygen -t rsa -b 4096 
  3. To generate an Ed25519 key, change the command accordingly:
     ssh-keygen -t ed25519 
  4. You could also add your email address at the end of the command. This is like a comment that helps easily identify which key belongs to which account if you create multiple keys for different sites. For example, ssh-keygen -t rsa -b 4096 -C “[email protected].
  5. Choose a location for your key, or press Enter to use the default location.
  6. The terminal will prompt you to choose a password. This is optional, so you can leave it blank if you prefer. Press Enter to continue.
    Generating a SSH Key in WSL

Finally, you will see a message with your newly generated SSH key’s location and fingerprint. You can now use this key to secure connections between your computer and remote servers.

What Are the Differences Between RSA and Ed25519 Keys?

In the steps above, we discussed two SSH key types: RSA and Ed25519. But how are they different?

  1. Algorithm: RSA (Rivest-Shamir-Adleman) uses asymmetric encryption, while Ed25519 uses both elliptic curves and asymmetric encryption.
  2. Key Size: RSA keys have variable key sizes, ranging from 1024 to 4096 bits. Ed25519 has a fixed key size of 256 bits, making it faster than RSA.
  3. Security: Ed25519 is generally considered more secure and resistant to attacks.
  4. Performance: Ed25519 is faster and more efficient than RSA.
  5. Compatibility: RSA is more widely supported, but Ed25519 adoption is growing.

Ultimately, you can use either cryptographic algorithm depending on your systems. Generating SSH keys is easy with the methods available in Windows and should be considered because of serious online risks when accessing remote systems.

Leave a Reply

Your email address will not be published. Required fields are marked *