- To generate SSH keys on Windows 11, open Command Prompt (admin), and run the “ssh-keygen,” confirm the name for the keys and passphrase. The keys will be generated inside the “.ssh” folder in your profile folder (or in the root of “C.”)
On Windows 11, you can generate private and public SSH keys directly from Command Prompt or PowerShell without having to resource to third-party solutions, and in this guide, you will learn how.
If you are a web developer or network administrator, you’re probably familiar with remote server connections using SSH keys. SSH (Secure Shell Protocol) keys come in pair of public and private keys that you can use to authenticate with a remote server using encryption communication over the internet. Typically, you enable and configure the remote server with SSH and install the public key, and then when establishing a remote connection, you will present the private key (and passphrase if configured) to perform a secure authentication.
Usually, you would use third-party solutions, such as Putty’s PuttyGen tool, to generate SSH keys, but you can also use the built-in SSH key generator on Windows 11 (and 10).
In this guide, you will learn the steps to create SSH keys on Windows 11. (These instructions should also apply to Windows 10.)
Generate SSH keys on Windows 11 (basic)
To generate SSH keys on Windows 11, use these steps:
-
Open Start on Windows 11.
-
Search for Command Prompt or PowerShell, right-click the top result, and select the Run as administrator option.
-
Type the following command to generate a pair of SSH keys and press Enter:
ssh-keygen
-
Confirm a descriptive name for the file (for example, webserver) and press Enter.
-
(Optional) Confirm a passphrase for the SSH keys.
Quick note: The passphrase is a layer of security to protect the keys. If you don’t enter a password when authenticating, you won’t be asked to confirm the passphrase, but entering one is recommended. -
Confirm the passphrase one more time and press Enter.
Once you complete the steps, the private and public keys will be generated and stored in the “.ssh” folder inside your profile folder (%USERPROFILE%). The private key will not include a file extension, while the public key will have a “.pub” extension.
Generate SSH keys on Windows 11 (advanced)
To generate SSH keys using a specific type, use these steps:
-
Open Start.
-
Search for Command Prompt or PowerShell, right-click the top result, and select the Run as administrator option.
-
Type the following command to generate private and public SSH keys using a specific type and press Enter:
ssh-keygen -t ed25519 -C "[email protected]"
Quick note: The “-t” option tells the command that you want to specify a new type of key. In the command, we’re using “ed25519” to create an EdDSA key type. The default creates RSA keys, but you can change it to DSA, ECDSA, ECDSA-K, ED25519, or ED25519-SK. If you don’t specify your email address, the command will generate a random address using your account username"@"
computer name. -
Confirm a descriptive name for the file (for example, webserver) and press Enter.
-
(Optional) Confirm a passphrase for the SSH keys.
-
Confirm the passphrase one more time and press Enter.
After you complete the steps, the SSH keys will be available in the “.ssh” folder in your account folder (%USERPROFILE%).
If the SSH keys are not present in the C:\Users\username\.ssh
folder, the tool may have stored the files in the root of the C:\
drive. Also, if the “.ssh” folder is missing from the profile folder, you can create a new folder manually and run the command again, but this time, you need to append this configuration -f %userprofile%/.ssh/id_ed25519
. The command should be similar to this: ssh-keygen -t ed25519 -C "[email protected]" -f %userprofile%/.ssh/id_ed25519
You can always use the ssh-keygen /help
command to access the available options with descriptions.
If the “ssh-keygen” command isn’t available, you will have to install it manually from Settings > Apps > Optional features. On the settings, click the “View features” button, search for “OpenSSH Client,” and check the option, then click the “Next” and the “Install” buttons.