How to Create an SSH Key on Windows

SSH keys are a powerful tool for securing remote connections. They are used for authentication and data encryption when working over SSH. Unlike traditional passwords, SSH keys provide a much higher level of protection, as their mechanism avoids transmitting confidential data over the network.

A Brief Explanation of How SSH Keys Work

SSH keys rely on asymmetric encryption, where a key pair consists of:

Private Key:
➡️ Stored on the user's local device.
➡️ Never transmitted or copied to the server.
➡️ Can be additionally protected with a password to prevent unauthorized access.

Public Key:
➡️ Uploaded to the server.
➡️ Stored in the ~/.ssh/authorized_keys file on the server side.
➡️ Used to encrypt data sent to the client.

Main Steps in Using SSH Keys

1. Key Generation: A key pair is created on the user’s local device using specific tools.

2. Public Key Placement: The public key is added to the server and serves as a verification mechanism for incoming requests.

3. Connection: The server generates a random message and encrypts it using the public key.

4. Decryption: The client decrypts the message.

If the decryption process succeeds, the server confirms the client's authenticity and grants access.

This mechanism eliminates the need to enter the server's password every time you want to connect, which is especially convenient when managing multiple servers.

Using OpenSSH on Windows

Windows 10 and 11 come with built-in OpenSSH support, allowing you to work with SSH keys without installing additional software. This greatly simplifies the process of creating and using keys.

Checking for OpenSSH

1. Open the Terminal or PowerShell application.
Enter the command:

ssh -V

2. If OpenSSH is installed, you will see information about the client version.

Creating an SSH Key Pair

1. In Terminal or PowerShell, execute the following command:

ssh-keygen

2. Specify the path to save the keys (the default is C:\Users\<username>\.ssh).

3. Optionally, set a password to protect the private key.

As a result, two files will appear in the specified folder:
➡️ id_rsa — the private key, which must be kept secure.
➡️ id_rsa.pub — the public key, which should be uploaded to the server.

Transferring the Public Key to the Server

To automatically copy the key, use the command:

ssh-copy-id user@server

This command will add the public key to the ~/.ssh/authorized_keys file on the server.

SSH keys are a critical component of modern security practices when working with remote servers. Whether you use the built-in OpenSSH or third-party tools like PuTTY, the process of creating and setting up keys is accessible even to beginners. They eliminate password transmission, automate tasks, and significantly enhance the security of your infrastructure.