How to create a SFTP/SSH key on Windows

Introduction

RSA keys provide a secure method of authenticating with an SSH or SFTP server without requiring a password. They are based on asymmetric encryption, which uses a matching pair of keys: one public and one private. The public key is shared with the server or service provider, while the private key remains securely on your machine and is used to establish the connection.

When you attempt to connect, the server uses the public key to generate a challenge that can only be solved by the corresponding private key. This process proves your identity without ever transmitting the private key itself, making the exchange both safe and reliable.

The keys are stored locally as text files, typically in the .ssh directory or saved in the client you are using to connect.

Key things to remember when create a new key:

• The private key is used on the client

• The public key is used on the server - and can be shared

• Where possible - the private key should be password encrypted

• You will need Powershell

How to Create an RSA SSH Key on Windows

1. Open PowerShell

• Press Start, type PowerShell, and open Windows PowerShell. (If you use Git Bash or WSL, you can follow the same steps there.)

2. Generate the Key

Run the following command:

• -t rsa → generates an RSA key.

• -b 4096 → sets the key size to 4096 bits (strong security).

• -C → adds a label, usually your email.

3. Choose a Save Location

You’ll be prompted with:

• Press Enter to accept the default, or type a different file path if you want multiple keys.

4. Add a Passphrase (Optional)

• Enter a passphrase for extra protection, or just press Enter to leave it blank.

5. Verify the Keys

Check your .ssh folder:

You should see:

• id_rsa → your private key

• id_rsa.pub → your public key

6. Copy the Public Key

To copy your key to the clipboard:

Now you can paste it into GitHub, GitLab, or any server’s authorized keys.