How to generate SSH keys on Windows 11

Do you need to generate some SSH keys to configure an encrypted connection between your device and a remote server? Here's how on Windows 11 without third-party tools.

Windows 11 SSH Keygen
Windows 11 SSH Keygen
  • To generate SSH keys on Windows 11, open Command Prompt (admin), and run the “ssh-keygen,” confirm the name for the keys and passphrase. The keys will be generated inside the “.ssh” folder in your profile folder (or in the root of “C.”)

On Windows 11, you can generate private and public SSH keys directly from Command Prompt or PowerShell without having to resource to third-party solutions, and in this guide, you will learn how.

If you are a web developer or network administrator, you’re probably familiar with remote server connections using SSH keys. SSH (Secure Shell Protocol) keys come in pair of public and private keys that you can use to authenticate with a remote server using encryption communication over the internet. Typically, you enable and configure the remote server with SSH and install the public key, and then when establishing a remote connection, you will present the private key (and passphrase if configured) to perform a secure authentication.

Usually, you would use third-party solutions, such as Putty’s PuttyGen tool, to generate SSH keys, but you can also use the built-in SSH key generator on Windows 11 (and 10).

In this guide, you will learn the steps to create SSH keys on Windows 11.  (These instructions should also apply to Windows 10.)

Generate SSH keys on Windows 11 (basic)

To generate SSH keys on Windows 11, use these steps:

  1. Open Start on Windows 11.

  2. Search for Command Prompt or PowerShell, right-click the top result, and select the Run as administrator option.

  3. Type the following command to generate a pair of SSH keys and press Enter:

    ssh-keygen

    ssh-keygen command

  4. Confirm a descriptive name for the file (for example, webserver) and press Enter.

  5. (Optional) Confirm a passphrase for the SSH keys.

    Quick note: The passphrase is a layer of security to protect the keys. If you don’t enter a password when authenticating, you won’t be asked to confirm the passphrase, but entering one is recommended.
  6. Confirm the passphrase one more time and press Enter.

Once you complete the steps, the private and public keys will be generated and stored in the “.ssh” folder inside your profile folder (%USERPROFILE%). The private key will not include a file extension, while the public key will have a “.pub” extension.

Generate SSH keys on Windows 11 (advanced)

To generate SSH keys using a specific type, use these steps:

  1. Open Start.

  2. Search for Command Prompt or PowerShell, right-click the top result, and select the Run as administrator option.

  3. Type the following command to generate private and public SSH keys using a specific type and press Enter:

    ssh-keygen -t ed25519 -C "[email protected]"

    ssh-keygen with type command

    Quick note: The “-t” option tells the command that you want to specify a new type of key. In the command, we’re using “ed25519” to create an EdDSA key type. The default creates RSA keys, but you can change it to DSA, ECDSA, ECDSA-K, ED25519, or ED25519-SK. If you don’t specify your email address, the command will generate a random address using your account username "@" computer name.
  4. Confirm a descriptive name for the file (for example, webserver) and press Enter.

  5. (Optional) Confirm a passphrase for the SSH keys.

  6. Confirm the passphrase one more time and press Enter.

After you complete the steps, the SSH keys will be available in the “.ssh” folder in your account folder (%USERPROFILE%).

If the SSH keys are not present in the C:\Users\username\.ssh folder, the tool may have stored the files in the root of the C:\ drive. Also, if the “.ssh” folder is missing from the profile folder, you can create a new folder manually and run the command again, but this time, you need to append this configuration -f %userprofile%/.ssh/id_ed25519. The command should be similar to this: ssh-keygen -t ed25519 -C "[email protected]" -f %userprofile%/.ssh/id_ed25519

You can always use the ssh-keygen /help command to access the available options with descriptions.

If the “ssh-keygen” command isn’t available, you will have to install it manually from Settings > Apps > Optional features. On the settings, click the “View features” button, search for “OpenSSH Client,” and check the option, then click the “Next” and the “Install” buttons.

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He is also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me.