How to generate ssh key in windows

About SSH key passphrases

You can access and write data in repositories on GitHub.com using SSH (Secure Shell Protocol). When you connect via SSH, you authenticate using a private key file on your local machine. For more information, see «About SSH.»

When you generate an SSH key, you can add a passphrase to further secure the key. Whenever you use the key, you must enter the passphrase. If your key has a passphrase and you don’t want to enter the passphrase every time you use the key, you can add your key to the SSH agent. The SSH agent manages your SSH keys and remembers your passphrase.

If you don’t already have an SSH key, you must generate a new SSH key to use for authentication. If you’re unsure whether you already have an SSH key, you can check for existing keys. For more information, see «Checking for existing SSH keys.»

If you want to use a hardware security key to authenticate to GitHub, you must generate a new SSH key for your hardware security key. You must connect your hardware security key to your computer when you authenticate with the key pair. For more information, see the OpenSSH 8.2 release notes.

Generating a new SSH key

You can generate a new SSH key on your local machine. After you generate the key, you can add the key to your account on GitHub.com to enable authentication for Git operations over SSH.

1. Open TerminalTerminalGit Bash.

2. Paste the text below, substituting in your GitHub email address.

   $ ssh-keygen -t ed25519 -C "your_email@example.com"

   Note: If you are using a legacy system that doesn’t support the Ed25519 algorithm, use:

   $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

   This creates a new SSH key, using the provided email as a label.

   > Generating public/private ALGORITHM key pair.

   When you’re prompted to «Enter a file in which to save the key», you can press Enter to accept the default file location. Please note that if you created SSH keys previously, ssh-keygen may ask you to rewrite another key, in which case we recommend creating a custom-named SSH key. To do so, type the default file location and replace id_ssh_keyname with your custom key name.

   > Enter a file in which to save the key (/Users/YOU/.ssh/id_ALGORITHM: [Press enter]

   > Enter a file in which to save the key (/c/Users/YOU/.ssh/id_ALGORITHM):[Press enter]

   > Enter a file in which to save the key (/home/YOU/.ssh/ALGORITHM):[Press enter]

3. At the prompt, type a secure passphrase. For more information, see «Working with SSH key passphrases.»

   > Enter passphrase (empty for no passphrase): [Type a passphrase]
   > Enter same passphrase again: [Type passphrase again]

Adding your SSH key to the ssh-agent

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key. When adding your SSH key to the agent, use the default macOS ssh-add command, and not an application installed by macports, homebrew, or some other external source.

Generating a new SSH key for a hardware security key

If you are using macOS or Linux, you may need to update your SSH client or install a new SSH client prior to generating a new SSH key. For more information, see «Error: Unknown key type.»

1. Insert your hardware security key into your computer.

2. Open TerminalTerminalGit Bash.

3. Paste the text below, substituting in the email address for your account on GitHub.

   $ ssh-keygen -t ed25519-sk -C "YOUR_EMAIL"

   Note: If the command fails and you receive the error invalid format or feature not supported, you may be using a hardware security key that does not support the Ed25519 algorithm. Enter the following command instead.

   $ ssh-keygen -t ecdsa-sk -C "your_email@example.com"

4. When you are prompted, touch the button on your hardware security key.

5. When you are prompted to «Enter a file in which to save the key,» press Enter to accept the default file location.

   > Enter a file in which to save the key (/Users/YOU/.ssh/id_ed25519_sk): [Press enter]

   > Enter a file in which to save the key (/c/Users/YOU/.ssh/id_ed25519_sk):[Press enter]

   > Enter a file in which to save the key (/home/YOU/.ssh/id_ed25519_sk):[Press enter]

6. When you are prompted to type a passphrase, press Enter.

   > Enter passphrase (empty for no passphrase): [Type a passphrase]
   > Enter same passphrase again: [Type passphrase again]

7. Add the SSH key to your account on GitHub. For more information, see «Adding a new SSH key to your GitHub account.»

Introduction

SSH stands for Secure Shell and is a method used to establish a secure connection between two computers.

SSH works by authenticating based on a key pair, with a private key being on a remote server and the corresponding public key on a local machine. When the keys match, access is granted to the remote user.

This guide will show you how to generate an SSH key pair in Windows 10 using OpenSSH or PuTTY.

Prerequisites

• A system running Windows 10
• A user account with administrative privileges
• Access to the command prompt
• A web browser (optional, to download PuTTY)

Generate an SSH key in Windows 10 with OpenSSH Client

Step 1: Verify if OpenSSH Client is Installed

First, check to see if you have the OpenSSH client installed:

1. Open the Settings panel, then click Apps.

2. Under the Apps and Features heading, click Optional Features.

3. Scroll down the list to see if OpenSSH Client is listed.

• If it’s not, click the plus-sign next to Add a feature.
• Scroll through the list to find and select OpenSSH Client.
• Finally, click Install.

Step 2: Open Command Prompt

1. Press the Windows key.

2. Type cmd.

3. Under Best Match, right-click Command Prompt.

4. Click Run as Administrator.

5. If prompted, click Yes in the Do you want to allow this app to make changes to your device? pop-up.

Step 3: Use OpenSSH to Generate an SSH Key Pair

1. In the command prompt, type the following:

ssh-keygen

2. By default, the system will save the keys to C:Usersyour_username/.ssh/id_rsa. You can use the default name, or you can choose more descriptive names. This can help distinguish between keys, if you are using multiple key pairs. To stick to the default option, press Enter.

3. You’ll be asked to enter a passphrase. Hit Enter to skip this step.

4. The system will generate the key pair, and display the key fingerprint and a randomart image.

5. Open your file browser.

6. Navigate to C:Usersyour_username/.ssh.

7. You should see two files. The identification is saved in the id_rsa file and the public key is labeled id_rsa.pub. This is your SSH key pair.

Generate SSH Keys Using PuTTY

Before OpenSSH was included with Windows, the PuTTY tool was the gold standard for generating SSH keys.

Step 1: Install PuTTY

1. Browse to the developer’s page, and download the installer for PuTTY:

• https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

2. Double-click the downloaded file and follow the installation wizard to finish the installation.

• On the initial dialog of the installation wizard, click Next.
• Select the destination folder. Use the default installation configuration unless you have a specific need to change it. Click Next to move on to the next screen.

• Select PuTTY product features to be installed. Stick to the defaults if you do not have any specific needs. Click Next to move on to the next screen.

• Once the process completes, click Finish to exit the installation wizard.

Step 2: Run the PuTTY SSH Key Generator

1. Press the Windows key.

2. Type puttygen.

3. Under Best Match, right-click PuTTYgen.

4. Click Run as administrator.

5. If prompted, click Yes on the Do you want to allow this app to make changes to your device? pop-up.

Step 3: Use PuTTY to Create a Pair of SSH Keys

The process outlined below will generate RSA keys, a classic and widely-used type of encryption algorithm. The PuTTY keygen tool offers several other algorithms – DSA, ECDSA, Ed25519, and SSH-1 (RSA).

If you require a different encryption algorithm, select the desired option under the Parameters heading before generating the key pair.

1. In the PuTTY Key Generator window, click Generate.

2. Move the cursor around in the gray box to fill up the green bar.

3. Save the public key:

• Click the button labeled Save public key.
• Choose a location to save the key.
• Give the key a name (e.g., putty_key.pub)

4. Save the private key:

• Click the Conversions menu at the top.
• Click Export OpenSSH key.
• You’ll be asked if you want to save a key without a passphrase. Click Yes.
• Choose a location to save the key (usually the same folder as the public key).
• Give the key a name (e.g., putty_key).

Using Your SSH Keys

To use your SSH keys, copy your public SSH key to the system you want to connect to. Use your private SSH key on your own system. Your private key will match up with the public key, and grant access.

For further details and troubleshooting, see our guide on paswordless SSH login using SSH keys.

Conclusion

This article has provided two methods of generating SSH key pairs on a Windows 10 system. Use the SSH keys to connect to a remote system without the use of passwords.

2019-04-07 UPDATE:
I tested today with a new version of windows 10 (build 1809, «2018 October’s update») and not only the open SSH client is no longer in beta, as it is already installed. So, all you need to do is create the key and set your client to use open SSH instead of putty(pagent):

1. open command prompt (cmd)
2. enter ssh-keygenand press enter
3. press enter to all settings. now your key is saved in c:Users.sshid_rsa.pub
4. Open your git client and set it to use open SSH

I tested on Git Extensions and Source Tree and it worked with my personal repo in GitHub.
If you are in an earlier windows version or prefer a graphical client for SSH, please read below.

2018-06-04 UDPATE:

On windows 10, starting with version 1709 (win+R and type winver to find the build number), Microsoft is releasing a beta of the OpenSSH client and server.
To be able to create a key, you’ll need to install the OpenSSH server. To do this follow these steps:

1. open the start menu
2. Type «optional feature»
3. select «Add an optional feature»
4. Click «Add a feature»
5. Install «Open SSH Client»
6. Restart the computer

Now you can open a prompt and ssh-keygen and the client will be recognized by windows. I have not tested this.
If you do not have windows 10 or do not want to use the beta, follow the instructions below on how to use putty.

ssh-keygen does not come installed with windows. Here’s how to create an ssh key with Putty:

1. Install putty
2. Open PuttyGen
3. Check the Type of key and number of bytes to use
4. Move the mouse over the progress bar
5. Now you can define a passphrase and save the public and private keys

For openssh keys, a few more steps are required:

1. copy the text from «Public key for pasting» textbox and save it as «id_rsa.pub»
2. To save the private key in the openssh format, go to Conversions->Export OpenSSH key ( if you did not define a passkey it will ask you to confirm that you do not want a pass key)
   
3. Save it as «id_rsa»

Now that the keys are saved. Start pagent and add the private key there ( the ppk file in Putty’s format)

Remember that pagent must be running for the authentication to work

On Windows, you can create SSH keys in many ways. This document explains how to use two SSH applications, PuTTY and Git Bash.

We recommend ECDSA or RSA keys. DSA keys are supported, but not recomended.

PuTTY

PuTTY is an SSH client for Windows. You can use PuTTY to generate SSH keys. PuTTY is a free open-source terminal emulator that functions much like the Terminal application in macOS in a Windows environment. This section shows you how to manually generate and upload an SSH key when working with PuTTY in the Windows environment.

About PuTTY

PuTTY is an SSH client for Windows that you will use to generate your SSH keys. You can download PuTTY from www.chiark.greenend.org.uk.

When you install the PuTTY client, you also install the PuTTYgen utility. PuTTYgen is what you will use to generate your SSH key for a Windows VM.

	This page gives you basic information about using PuTTY and PuTTYgen to log in to your provisioned machine. For more information on PuTTY, see the PuTTY documentation

Generating an SSH key

To generate an SSH key with PuTTYgen, follow these steps:

1. Open the PuTTYgen program.
2. For Type of key to generate, select SSH-2 RSA.
3. Click the Generate button.
4. Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair.
5. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is not recommended.
6. Click the Save private key button to save the private key. You must save the private key. You will need it to connect to your machine.
7. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
8. Right-click again in the same text field and choose Copy.

Importing your SSH key

Now you must import the copied SSH key to the portal.

1. After you copy the SSH key to the clipboard, return to your account page.
2. Choose to Import Public Key and paste your SSH key into the Public Key field.
3. In the Key Name field, provide a name for the key. Note: although providing a key name is optional, it is a best practice for ease of managing multiple SSH keys.
4. Add the key. It will now appear in your table of keys under SSH.

PuTTY and OpenSSH use different formats of public SSH keys. If the text you pasted in the SSH Key starts with —— BEGIN SSH2 PUBLIC KEY, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with ssh-rsa AAAA….

Once you upload your SSH key to the portal, you can connect to your virtual machine from Windows through a PuTTY session.

Git Bash

The Git installation package comes with SSH. Using Git Bash, which is the Git command line tool, you can generate SSH key pairs. Git Bash has an SSH client that enables you to connect to and interact with Triton containers on Windows.

To install Git:

1. (Download and initiate the Git installer](https://git-scm.com/download/win).
2. When prompted, accept the default components by clicking Next.
3. Choose the default text editor. If you have Notepad++ installed, select Notepad++ and click Next.
4. Select to Use Git from the Windows Command Prompt and click Next.
5. Select to Use OpenSSL library and click Next.
6. Select to Checkout Windows-style, commit Unix-style line endings and click Next.
7. Select to Use MinTTY (The default terminal of mYSYS2) and click Next.
8. Accept the default extra option configuration by clicking Install.

When the installation completes, you may need to restart Windows.

Launching GitBash

To open Git Bash, we recommend launching the application from the Windows command prompt:

1. In Windows, press Start+R to launch the Run dialog.
2. Type C:Program FilesGitbinbash.exe and press Enter.

Generating SSH keys

First, create the SSH directory and then generate the SSH key pair.

One assumption is that the Windows profile you are using is set up with administrative privileges. Given this, you will be creating the SSH directory at the root of your profile, for example:

C:Usersjoetest

1. At the Git Bash command line, change into your root directory and type.

mkdir .ssh

1. Change into the .ssh directory C:Usersjoetest.ssh

2. To create the keys, type:

ssh-keygen.exe

1. When prompted for a password, type apassword to complete the process. When finished, the output looks similar to:

Ssh-keygen.exe
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/joetest/.ssh/id_rsa): /c/Users/joetest/.ssh/
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/joetest/.ssh/
Your public key has been saved in /c/Users/joetest/.ssh/
The key fingerprint is:
SHA256:jieniOIn20935n0awtn04n002HqEIOnTIOnevHzaI5nak joetest@periwinkle
The key's randomart image is:

 +---[RSA 2048]----+
 |*= =+.           |
 |O*=.B            |
 |+*o* +           |
 |o +o.  .         |
 | ooo  + S        |
 | .o.ooo* o       |
 |  .+o+*oo .      |
 |   .=+..         |
 |   Eo            |
 +----[SHA256]-----+

$ dir .ssh
id_rsa  id_rsa.pub

Uploading an SSH key

To upload the public SSH key to your Triton account:

1. Open Triton Service portal, select Account to open the Account Summary page.
2. From the SSH section, select Import Public Key.
3. Enter a Key Name. Although naming a key is optional, labels are a best practice for managing multiple SSH keys.
4. Add your public SSH key.

When Triton finishes the adding or uploading process, the public SSH key appears in the list of SSH keys.

What are my next steps?

• Adding SSH keys to agent.
• Set up the Triton CLI and CloudAPI on Windows.
• Set up the Triton CLI and CloudAPI.
• Create an instance in the Triton Service Portal.
• Set up the triton-docker command line tool.
• Visit PuTTYgen to learn more about the PuTTYgen and to see
  the complete installation and usage guide.

An SSH key allows you to log into your server without a password. This guide describes creating SSH keys using a Linux, Mac, or Windows workstation in OpenSSH format, suitable for use with Vultr server instances.

Create an SSH Key with OpenSSH

OpenSSH is standard and should be present on macOS and most Linux distributions. We also have installation instructions for Windows 10 users. Follow these steps to create an SSH key with the OpenSSH utilities.

1. Generate your key with ssh-keygen, substituting your email address.

    $ ssh-keygen -t ed25519 -C "your_email@example.com"
   

   Note: If you use a legacy system that doesn’t support the Ed25519 algorithm, use: ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

   By default, the keys are stored in the ~/.ssh directory. Most SSH clients automatically use these default filenames:

   Algorithm: ED25519 (preferred)

   • Public key: id_ed25519.pub

   • Private key: id_ed25519

   Algorithm: RSA (at least 2048-bit key size)

   • Public key: id_rsa.pub

   • Private key: id_rsa

   Algorithm: DSA (deprecated)

   • Public key: id_dsa.pub

   • Private key: id_dsa

   Algorithm: ECDSA

   • Public key: id_ecdsa.pub

   • Private key: id_ecdsa

2. Press ENTER to save the key in the default location.

   Generating public/private ed25519 key pair.
   
   Enter file in which to save the key (/Users/example/.ssh/id_ed25519):
   

3. You may enter a passphrase for your key. We recommend using a passphrase, but you can press ENTER to bypass this prompt. If you use a passphrase, you will enter it each time you use the key unless you also use ssh-agent.

   Enter passphrase (empty for no passphrase):
   
   Enter same passphrase again:
   

4. Your key is generated and saved.

   Your identification has been saved in /Users/example/.ssh/id_ed25519.
   
   Your public key has been saved in /Users/example/.ssh/id_ed25519.pub.
   
   The key fingerprint is:
   
   SHA256:qx6prR4Zo+VU7Fl8yivXzzzzzzzzJ/9NRnPbrC20w7g example@example.com
   
   The key's randomart image is:
   
   +--[ED25519 256]--+
   
   |                 |
   
   |     o .         |
   
   |    o B o + .    |
   
   |     B + + o +   |
   
   |    = = S o o o  |
   
   |   = + = O + +   |
   
   |  . + B B = * .  |
   
   |     = O   + o   |
   
   |   .+o=.. E .    |
   
   +----[SHA256]-----+
   

5. Make a backup of the private key. The key cannot be recovered if lost.

6. Before connecting to an existing server with your SSH key, you’ll need to add the public key to the authorized_keys file. You can also add the public key to your Vultr account.

Install OpenSSH on Windows 10

The OpenSSH client is an installable component for Windows 10 1809.

1. Launch Settings then go to Apps > Apps and Features > Manage Optional Features.

2. Scan this list to see if OpenSSH Client is already installed. If not, then click Add a feature.

3. Locate OpenSSH Client, then click Install.

4. Optionally, you can also install OpenSSH Client with PowerShell.

Once you’ve installed OpenSSH, follow the instructions above to create your SSH key.

Create an SSH Key on Windows with PuTTYgen

PuTTYgen is part of the PuTTY suite of utilities. It is available for all versions of Windows.

1. Download the latest version of the PuTTY utilities. We recommend the MSI Windows Installer package.

2. Install the package and run PuTTYgen.

3. At the bottom of the program window, select EdDSA for the key type.

4. In the lower-right corner, set «Curve to use for generating this key» to Ed25519 (255 bits).

5. Click the Generate button. Then, move the mouse in the blank area to generate some random data.

6. Enter a Key comment to make the key easier to identify later.

7. The private key must be kept secure from unauthorized use. We recommend entering a Key passphrase to protect the SSH key.

8. Click Save private key and store it securely. It is not possible to recover this file if it is lost. This file is your public/private key pair in PuTTY format. You can re-import this file with PuTTYgen in the future to export or convert the format of your public key.

9. Click Conversions > Export OpenSSH key. Save this file and store it securely. This file is your private SSH key in OpenSSH format. You may need this file if you use an SSH client other than PuTTY.

10. Select the text in the Public key for pasting into OpenSSH authorized_keys file box and save it to a file. This is your public key in OpenSSH format. If you want to add this key to your Vultr account, you’ll also copy and paste this into the Customer Portal.

Recover a Lost Public Key

If you have access to the private key, you can recover the public key with OpenSSH.

Pass ssh-keygen the -y option and the path to the private key with the -f option. When ssh-keygen regenerates the public SSH key, you can redirect the output to a file of your choice.

For example, to regenerate the public key for ~/example_key and send the output to ~/example_key.pub:

$ ssh-keygen -y -f ~/example_key > ~/example_key.pub

If a password is set for the key, you will be prompted to enter it.

Change the Key’s Passphrase

You can change the passphrase on a private key with the -p option and pass the key name with the -f option.

$ ssh-keygen -p -f ~/example_key

Enter your old and new passphrase (twice) at the prompts.

View the Key’s Fingerprint

Print the key’s SHA256 fingerprint with the -l option, and pass the key name with the -f option.

$ ssh-keygen -l -f example_key

The output is something like this:

3072 SHA256:pqdEtfbmIRwqTk9PpApa7DMvAxqCA577vJ/FcgyUM0Q root@localhost (RSA).

Transfer a Key to Your Server

OpenSSH includes a utility to transfer a key to your server. When using this utility, you must authenticate to your server using SSH.

Specify the public key to be transferred with the -i option. Replace the example with your username and the server’s IP address.

$ ssh-copy-id -i ~/.ssh/example_key.pub example_user@192.0.2.123

You will be prompted to authenticate with your server and transfer the key to the remote server’s authorized_keys file.

About SSH Key Formats

OpenSSH 6.5 introduced ED25519 keys in 2014, and they are available on most operating systems. It’s believed that ED25519 keys are more secure than RSA, with better performance. If you use an RSA key, the US National Institute of Science and Technology recommends a key size of at least 2048 bits.

More Information

For more information about managing SSH keys, see our other guides:

• Deploy a New Server with an SSH Key

• How to Add and Delete SSH Keys

• Connect to a Server Using an SSH Key

• Use an SSH Key for Non-root Users