How to generate SSH key on Windows using OpenSSH?

Generating an SSH key is a key step in securing connections to servers, especially when working remotely or managing servers over SSH. In this tutorial, you’ll learn how to generate an SSH key pair (public and private) on Windows and what precautions to take to protect the private key.

Step 1: Install OpenSSH

Windows 10 and 11 have the OpenSSH tool built-in, but you can also download the PuTTY tool if you prefer an alternative approach. To check if you have the OpenSSH tool installed, follow these steps:

1. Open PowerShell or the Command Prompt (CMD).
2. Type: ssh If you see a list of options and commands, it means you have the SSH client installed. If not, go to Windows Settings, choose Applications > Optional Features and make sure OpenSSH is installed.

Step 2: Generate SSH key

To generate the SSH key, we will use PowerShell:

1. Open PowerShell as Administrator.
2. Type the following command: ssh-keygen You will be asked where to save the key. By default, the key will be saved in the directory: C:\Users\YourUser\.ssh\id_rsa
3. You can press Enter to confirm the location or enter your own path. NOTE: If the key already exists, the system will ask whether to overwrite it. In this case, you can choose a different name to keep the older key.
4. The system will ask you if you want to set a password (passphrase). Entering a passphrase will add an extra layer of security, and it is strongly recommended. This way, even if someone gets hold of your private key, they will need a password to use it.

Step 3: Public and private key

After generating the keys, you will see two files:

• id_rsa – a private key that MUST be protected and never shared.
• id_rsa.pub – public key, which you can send to the server or share with others to authorize connections.

Step 4: Protect your private key

A private key should be treated like confidential information. Here are some tips on how to protect it:

1. Set the appropriate permissions: The private key should be readable only by you. On Windows, you can set permissions with the command: icacls C:\Users\YourUser\.ssh\id_rsa /inheritance:r /grant:r %username%:F This command will remove the inheritance of permissions and grant full access only to you.
2. Do not share your private key: Never send your private key by email or other unprotected channels. This puts you at risk of losing your security.
3. Use a password: If you didn’t set a password when generating the key, you can always generate a new key and set a password this time. You can also encrypt an existing key with the OpenSSL tool.
4. Create a backup: A backup copy of your private key, stored in a secure location (such as an encrypted USB drive), will help you avoid problems if you lose access to the original.

Summary

Generating an SSH key is a simple process, but the security of your private key depends on following best practices. Take care to protect it, use a password and back it up regularly. These steps will keep your SSH connections secure and reliable.

Hopefully, this guide has made the process of generating an SSH key on Windows easier for you. If you have additional questions, feel free to contact an IT expert!