How to Create SSH Keys with PuTTY on Windows

DigitalOcean Droplets are Linux-based virtual machines (VMs) that run on top of virtualized hardware. Each Droplet you create is a new server you can use, either standalone or as part of a larger, cloud-based infrastructure.

If you’re struggling with SSH and server management, try our managed products Cloudways and App Platform. Cloudways deploys pre-installed software stacks onto Droplets, and App Platform deploys and scales apps directly from your code repository, along with databases and serverless functions, no SSH or server administration required.

To create and use SSH keys on Windows, you need to download and install both PuTTY, the utility used to connect to remote servers through SSH, and PuTTYgen, a utility used to create SSH keys.

On the PuTTY website, download the .msi file in the Package files section at the top of the page, under MSI (‘Windows Installer’). Next, install it on your local computer by double clicking it and using the installation wizard.

After the programs are installed, start the PuTTYgen program through your Start Menu or by tapping the Windows key and typing puttygen. The key generation program looks similar to this:

The PuTTYgen interface

You can customize the Parameters at the bottom if you like, but the default values are appropriate in most situations. However, Fedora 33’s new encryption requirements does not accept the default RSA algorithm, so choose ECDSA or another supported algorithm when creating a key for use with Fedora 33.

When you’re ready, click the Generate button on the right-hand side.

You might be prompted to “generate some randomness by moving the mouse over the blank area”. This randomness, known as entropy, is used to create keys in a secure fashion so that other people can’t reproduce them.

Generating entropy with PuTTYgen

When the key is generated, you see the public key displayed in a text box. Copy this into your clipboard now if you plan to add it to your DigitalOcean account or to servers. Be sure to scroll within the text area so you copy the entire key.

Next, you are prompted to enter a passphrase for your SSH key. This improves security by preventing someone who gains access to your private key from using it without also knowing the passphrase. You need to provide your passphrase every time you use this key (unless you use SSH agent software that stores the decrypted key).

A new PuTTY key

When you’re done, click the Save private key button and select a secure location to keep it. You can name your key whatever you’d like, and the extension .ppk is automatically added.

If you have not entered a passphrase, you need to confirm that you want to save the key without one. We strongly recommend using a passphrase, but you can press ENTER to bypass this prompt.

Working with PuTTY’s Public Key Format

You can click Save public key as well, but take note: The format PuTTYGen uses when it saves the public key is incompatible with the OpenSSH authorized_keys files used for SSH key authentication on Linux servers.

If you need to see the public key in the right format after the private key has been saved:

  1. Open PuTTYgen.
  2. Next to Load an existing private key file, click the Load button.
  3. Navigate to the private key in your file system and select it.
  4. Click Open.

The public key is redisplayed again in the appropriate format.

Now that you have your generated key pair saved on your computer and ready to use, you can: