Recently, I was working on a project where I needed to set up secure connections between multiple servers. The issue is that most SSH key generation tutorials focus on using OpenSSH in Linux or Git Bash on Windows. However, PowerShell provides ways for SSH key management natively in Windows.
In this article, I explain simple ways to generate and manage SSH keys directly from PowerShell. You do not need any third-party tools for this. So, let us check.
What Are SSH Keys in PowerShell
SSH (Secure Shell) keys provide a secure way to authenticate with remote systems without using passwords. SSH keys are a pair of cryptographic keys used to authenticate and establish a secure connection between a client and a server. The key pair consists of a public key and a private key.
The public key is shared with the server, while the private key remains on your local machine. When you attempt to connect to the server, it uses the public key to verify your identity and grant access.
Check out Track User Login History on Windows Using PowerShell
Here are a few methods to generate SSH keys in PowerShell.
Method 1: Using the Built-in SSH-Keygen Command
Windows 10 (1809 and later) and Windows Server 2019+ come with OpenSSH client installed by default. This gives us access to the familiar ssh-keygen command directly from PowerShell.
Here are the steps to generate SSH keys:
- Open PowerShell as Administrator
- Run the following command:
ssh-keygen -t rsa -b 4096This command instructs PowerShell to generate an SSH key pair using the RSA algorithm with a key size of 4096 bits.
- When prompted for a file location, press Enter to accept the default location (
C:\Users\YourUsername\.ssh\id_rsa) - When asked for a passphrase, enter one for added security or press Enter twice for no passphrase
That’s it! You now have an SSH key pair in your .ssh directory. The private key is id_rsa , and the public key is id_rsa.pub.
You can see in the screenshot below:
To view your newly created public key, run:
Get-Content ~\.ssh\id_rsa.pubCheck out Set the Default Printer Using PowerShell in Windows
Method 2: Install OpenSSH if Not Already Available
If you’re on an older Windows version without OpenSSH preinstalled, you can add it using PowerShell:
- Open PowerShell as Administrator
- Check if OpenSSH is available:
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'- Install the OpenSSH Client:
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0- Once installed, follow the steps in Method 1 to generate your keys
Method 3: Using .NET Framework (No OpenSSH Required)
If, for some reason, you can’t install OpenSSH, you can use PowerShell with .NET classes to generate SSH keys:
# Load the required .NET assembly
Add-Type -AssemblyName System.Security
# Generate the RSA key pair
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048)
$privateKey = $rsa.ExportParameters($true)
# Create the directory if it doesn't exist
if (!(Test-Path "~\.ssh")) {
New-Item -ItemType Directory -Path "~\.ssh" | Out-Null
}
# Export the private key
$privateKeyBytes = [System.Convert]::FromBase64String($rsa.ToXmlString($true))
[System.IO.File]::WriteAllBytes("$env:USERPROFILE\.ssh\id_rsa_new", $privateKeyBytes)
# Format and export the public key in SSH format
$publicKey = "ssh-rsa " + [Convert]::ToBase64String($rsa.ExportParameters($false).Modulus) + " generated-key"
Set-Content -Path "$env:USERPROFILE\.ssh\id_rsa_new.pub" -Value $publicKey
Write-Host "SSH keys generated at $env:USERPROFILE\.ssh\" -ForegroundColor GreenNote: This method generates keys in a different format that may need conversion for some SSH servers.
Read Set Password for Local User in Windows 11 Using PowerShell
Manage SSH Keys in PowerShell
Here are a few cmdlets to manage SSH keys in PowerShell.
View Your SSH Keys
To list your existing SSH keys; you can run the following PowerShell cmdlet.
Get-ChildItem -Path ~\.ssh\*.pub | ForEach-Object { $_.BaseName }Setting Key Permissions
SSH requires secure permissions on your private key:
# Restrict access to your private key
icacls ~\.ssh\id_rsa /inheritance:r
icacls ~\.ssh\id_rsa /grant:r "$($env:USERNAME):(R,W)"Add Your Key to the SSH Agent
The SSH agent stores your keys in memory so you don’t need to enter your passphrase repeatedly:
- Start the SSH agent service:
Get-Service ssh-agent | Set-Service -StartupType Automatic
Start-Service ssh-agent- Add your key to the agent:
ssh-add ~\.ssh\id_rsaCheck out Set the Time Zone Using PowerShell in Windows
Using Your SSH Keys with Remote Servers
To use your new key with a remote server (like GitHub, Azure, or your own servers):
- Copy your public key:
Get-Content ~\.ssh\id_rsa.pub | Set-Clipboard- Add this public key to your remote server’s authorized_keys file or paste it into your cloud provider’s SSH key section
- Test the connection:
ssh username@your-server.comCreate SSH Config Files in PowerShell
For multiple SSH connections, I recommend creating a config file:
$configContent = @"
Host github.com
User git
IdentityFile ~/.ssh/id_rsa
Host my-server
HostName 192.168.1.100
User admin
IdentityFile ~/.ssh/id_rsa
"@
Set-Content -Path ~\.ssh\config -Value $configContentThis simplifies connections – you can now just type ssh my-server instead of the full command.
Now, let us see another method to create SSH key, using a third party too.
Check out Update PowerShell on Windows 11
Generate SSH Keys using PuTTYgen
PuTTYgen is a graphical tool that comes with the PuTTY SSH client. It provides a user-friendly interface for generating SSH keys. Here’s a quick overview of the steps:
- Download and install PuTTY from the official website.
- Open PuTTYgen from the Start menu.
- Select the key type (RSA) and the desired key size (e.g., 4096 bits).
- Click “Generate” and move your mouse randomly to generate randomness.
- Enter a passphrase (optional) and save your public and private keys.
You can then use the generated keys in the same way as described earlier
In this tutorial, I explained how to generate SSH keys in PowerShell and also by using the PuTTYgen tool. Do let me know if you still have any questions in the comments below.
You may also like the following tutorials:
- Windows PowerShell vs CMD
- Check for Windows Updates Using PowerShell
- Install Windows Updates Using PowerShell
Bijay Kumar is an esteemed author and the mind behind PowerShellFAQs.com, where he shares his extensive knowledge and expertise in PowerShell, with a particular focus on SharePoint projects. Recognized for his contributions to the tech community, Bijay has been honored with the prestigious Microsoft MVP award. With over 15 years of experience in the software industry, he has a rich professional background, having worked with industry giants such as HP and TCS. His insights and guidance have made him a respected figure in the world of software development and administration. Read more.
