Skip to content

Managing Windows SSH Keys with PuTTY



Often when dealing with Linux based servers or services such as Git from within Microsoft Windows, a user needs to have the ability to manage and use SSH keys. SSH Keys are one of the main authentication mechanisms used when dealing with Unix based operating systems, and services such as GIT, which also utilize SSH keys as a way of authenticating access to code repositories. The purpose of this article is to cover how to use PuTTY and PuTTYGen to create, manage, and use SSH keys from within a Windows environment that can be utilized when working with any server or services that require SSH key based authentication.


Below you will find a list of pre-requisites that are required in order for the following article content to work accurately. Multiple steps within this article will assume that all listed actions below have been performed. If the following list of pre-requisites has not been completed prior to beginning this article or following along with the content contained within it, then some of the future actions or steps within this article may fail.

1.    Access to a Windows Workstation:
As this article covers working with PuTTY and PuTTYGen from within Windows, access to a Microsoft Windows workstation or VM is required.

2.    Download PuTTY and PuTTYGen:
This article will be performing steps using both PuTTY and PuTTYGen. PuTTY is an SSH and telnet client, developed for the Windows platform. The software is open source and is used to instantiate a connection from Windows to any server or service that utilizes either SSH, Telnet or Both. PuTTYgen is an SSH key generator tool for creating SSH keys for use with the PuTTY application. It is analogous to the ssh-keygen command line tool found natively on most Unix based operating systems. PuTTYGen can be used to create public and private key pairs, that are in the proper .ppk file format, required by PuTTY to work. The tool also has the ability to convert SSH key pairs from and to other formats.

Downloading PuTTY

When downloading Putty, and PuTTYGen, you have the option of downloading the installer, or the standalone portable editions. Either of these options will work identically. If you don't want to perform an actual install of the application, then the portable executable can be downloaded and ran effectively without requiring any modification to your current Windows Environment. Note that if you do install PuTTY using the installable .msi package, PuTTYGen is also automatically installed as part of that installer package. There is no need to download and install a separate executable just for PuTTYGen.

PuTTY Downloads

Generate a KeyPair

First, lets walk though creating a new SSH KeyPair on Windows using PuTTYGen.

1.    Open PuTTYGen:
First, navigate to your downloads directory or the directory where the PuTTYGen standalone executable is located and launch PuTTYGen, or if you chose to install PuTTY using the downloadable .msi file, then from your start menu, find and launch the PuTTYGen application.

2.    Generate KeyPair:
Next, we will use PuTTYGen to create a new SSH RSA KeyPair. To do so, from the main application click on the Generate button to start the key generation process. Once the Generate button has been clicked, then move your mouse in the blank area to create entropy data that will be used to construct your new KeyPair. Once the key has been generated you will be returned to the main application view, with the newly generated key loaded into the application session.

PuTTY Launch and Generate KeyPair       PuTTY KeyPair Entropy Data

           PuTTY Display KeyPair

Load and Convert a KeyPair

Next we will walk though converting an existing key such as a PEM file created and taken from our AWS account, and use it to generate a valid KeyPair that can be used with PuTTY.

PEM Formatted KeyPair

This part of the article will assume that you already have an existing KeyPair that you would like to convert from whatever format it currently is in to the Windows PuTTY PPK format. In this example, it can be assumed, that a new KeyPair has been generated in the AWS console, and that PEM file has been downloaded to my local workstation. The following instruction set will walk through the process of converting that PEM file to a Windows PuTTY formatted KeyPair.

1.    Loading an existing PEM file:
Open PuttyGen, Click on the Load button. In the pop up file browser dialog, browse to the saved PEM file, and click on Open. Press OK on the Successfully imported foreign key dialog box.

Putty Load

Save the Private Key

Once the KeyPair has been either generated or loaded via an existing KeyPair, save the private key by clicking on the Save private key button. A file browser dialog will pop up allowing you to save the private key to a file in a chosen directory. Note the directory path on where the file is being saved, and name the file accordingly. Ensure that the private key has the .ppk file extension. Note that if you have not added a pass-phrase to the key, then PuTTYGen will prompt a warning message asking if your are sure that you want to save the key without a pass-phrase. Either assign a pass-phrase to the key, or click on the Yes button in the dialog to proceed.

PuTTY Save Private Key

KeyPair Pass Phrase:

It is ALWAYS a good idea to apply a pass phrase to a KeyPair to ensure that someone can't just copy the KeyPair off your workstation, granting them your access level on any servers or services that are configured to accept your KeyPair as Authentication. Setting a pass phrase on the keyPair works as MultiFactor Auth, in that you are required to have something (KeyPair) and know something (PassPhrase) in order to be granted access to servers or services configured to accept Keys as an Authentication mechanism.

Save the Public Key

Next, save the public key by clicking on the Save public key button. Again, a file browser dialog will pop up allowing you to save the public key to a file in a chosen directory. Note the directory path on where the file is being saved, and name the file accordingly. Ensure that the public key does NOT have the .ppk file extension. (.ppk extension is used for the private key only)

PuTTY Save Public Key

Verify Key Files

Last, lets look in our saved directory location, and ensure that both the private and public keys were saved correctly.

PuTTY Verify Save


Other then browsing to the directory location where the KeyPairs are stored, and deleting the KeyPair files, no steps are necessary in order to clean up or roll back the steps provided in this tutorial.


The final result of this tutorial leaves us with a better understanding of how PuTTY and PuTTYGen work, and how to manage our RSA Keys using PuTTYGen on a Windows Workstation. By following the steps outlined above, we should now have an RSA SSH KeyPair that will allow us to log into servers, services, or AWS instances from our Windows workstation using our new PPK formatted RSA/SSH Private Key via PuTTY.

Additional Resources

No Additional Resources.

Site/Information References

PuTTYGen - Key Generator For PuTTY on Windows(