The setup machine keygen

The ssh-keygen command generate a public and private authentication key pair. Such authentication keys allow you to connect to a remote system without needing to supply a password each time that you connect. Each user must generate their own pair of keys. If generates key pairs, only can use those keys.

To create a public and private SSH2 RSA key pair:

To generate an SSH1 RSA or SSH2 DSA key pair, specify the -t rsa1 or -t dsa options.

For security, in case an attacker gains access to your private key, you can specify an passphrase to encrypt your private key. If you encrypt your private key, you must enter this passphrase each time that you use the key. If you do not specify a passphrase, you are not prompted.

ssh-keygen generates a private key file and a public key file in (unless you specify an alternate directory for the private key file):

For more information, see the manual page.

1. Overview

SSH, the secure shell, is often used to access remote Linux systems. But its authentication mechanism, where a private local key is paired with a public remote key, is used to secure all kinds of online services, from GitHub and Launchpad to Linux running on Microsoft’s Azure cloud.

Generating these keys from Linux is easy, and thanks to Ubuntu on WSL, you can follow the same process from Windows 10. But even without Ubuntu, SSH keys can also be generated with the free and open source OpenSSH client built into Windows 10 or with PuTTY for Windows 8.1 and earlier.

Over the following few steps, we’ll guide you through the process of generating SSH keys using Ubuntu on WSL, OpenSSH, and PuTTY.

Requirements

All you need is a PC running Windows and one of the following installed:

If you don’t already have Ubuntu on WSL, take a look at our Install Ubuntu on WSL tutorial.

2. Passphrase considerations

When creating the SSH key pair, as shown in the following steps, you can choose to either lock your private key with a passphrase or use no passphrase at all.

Adding a passphrase requires the same passphrase to be entered whenever the key pair is used. Not adding a passphrase removes this requirement. For this reason, creating a key pair without a passphrase is more convenient and potentially essential for certain scripts and automation tasks. But it’s also less secure.

If a third-part gains access to a private key without a passphrase they will be able to access all connections and services using the public key.

A good compromise between convenience and security is to generate a separate key pair for each service or connection you want to use, adding a passphrase only for critical services. If you suspect a key has been compromised, simply generate a new pair for that service and remove the less secure key.

3. Key generation with Ubuntu on WSL

Launch Ubuntu on WSL from the start menu and make sure SSH is installed by entering following command at the command prompt:

The key generation process is identical to the process on a native Linux or Ubuntu installation. With SSH installed, run the SSH key generator by typing the following:

You will be asked two questions. The first asks where to save the key, and you can press return to accept the default value. The second question asks for the passphrase. As discussed, entering a passphrase will require you to use the same passphrase whenever the key is accessed.

However, the passphrase isn’t a requirement, and pressing return (twice) will generate a key pair without one. Consequently, you won’t be asked for a passphrase when using your key.

When the process has finished, the private key and the public key can be found in the directory accessible from the Ubuntu terminal, or the following folder from Windows file manager:

4. Key generation with OpenSSH

Recent versions of Windows 10 include the OpenSSH client by default, but if yours does not or you’re unsure, follow these steps:

Open Settings and then navigate to Apps > Apps and Features > Optional Features:

Scan this list to see if OpenSSH client is already installed. If not, at the top of the page select Add a feature, then, to install the OpenSSH client, locate OpenSSH Client and click Install

Once the installation completes, return to Apps > Apps and Features > Optional Features and you should see the OpenSSH component(s) listed:

You can optionally install the OpenSSH client using PowerShell, first launch ‘Windows PowerShell’ as an Administrator. To check the status of the OpenSSH client type the command:

This should return:

If OpenSSH client is listed as “NotPresent” you can install by typing:

The command should return:

Finally, to generate your keys, launch ‘Windows PowerShell’ as an Administrator, and type:

5. Key generation with Putty

To generate a key pair with the PuTTY key generator, simply run and click the Generate button in the window that appears.

You will be asked to move the mouse and press keys to improve the random number generation at the heart of SSH security. After this, the raw contents of the public key will be displayed alongside its fingerprint and a timestamp comment.

Two important fields, Key passphrase and Confirm passphrase, allow you to enter a passphrase to protect the private key.

Finally, you will need to export both the private and public keys separately:

• to export the private key, select Export OpenSSH key from the Conversions menu
• to export the public key, click Save public key from the main window

Public keys typically use the suffix. By convention, the private key is usually called and the public key , but this isn’t a requirement. It’s common to have many keys with more descriptive filenames, for instance.

6. Getting help

Congratulations! You have just generated a SSH key pair from Windows 10. You can now add the public key to those services you wish to authenticate.

If you need more details on using SSH keys, take a look at the Ubuntu community documentation, and if you get stuck, help is always at hand: