How to generate an ED25519 SSH key in PuTTYgen

Generating an ED25519 SSH key pair enables strong public-key authentication while keeping password logins off the critical path. A single key can be used across multiple servers, and the same private key can unlock multiple sessions in PuTTY without retyping passwords.

An SSH key pair consists of a private key kept on the client and a matching public key installed on the server. PuTTYgen generates both halves and stores the private key in .ppk format for PuTTY, while also displaying an OpenSSH-compatible public key line for the server's authorized_keys file.

Some legacy SSH servers and network appliances do not accept ED25519 keys and require RSA or ECDSA instead. Protecting the private key with a passphrase is critical because any copied unencrypted private key can be used for login immediately, and losing the private key means losing access until a new key is installed server-side.

1. Launch PuTTYgen on Windows.
2. Select EdDSA under Type of key to generate.

   EdDSA in PuTTYgen corresponds to ED25519 keys on most SSH servers.

3. Start key generation by clicking Generate.
4. Move the mouse over the blank area until key generation completes.

   PuTTYgen collects entropy from mouse movement to seed its random number generator.

5. Set a recognizable Key comment for the new key.

   Using a comment like user@laptop-2025 makes key audits easier on the server.

6. Enter a strong passphrase in Key passphrase.

   A blank passphrase saves an unencrypted private key that can be used by anyone who obtains the file.

7. Re-enter the same passphrase in Confirm passphrase.
8. Save the private key as a .ppk file using Save private key.

   Back up the .ppk securely because the private key cannot be reconstructed from the public key.

9. Copy the Public key for pasting into OpenSSH authorized_keys file field.

   ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuXx8mXj1j8wG5c6l3YgVb1B3l0k8mYcQw1a8q4QH6w user@laptop

   The public key must remain a single line in authorized_keys with no extra whitespace, and ED25519 keys typically start with ssh-ed25519.

10. Paste the copied public key line into the target account's authorized_keys file on the SSH server.

    The default location on many Linux servers is /home/USERNAME/.ssh/authorized_keys.

11. Save a backup copy of the public key using Save public key.

    OpenSSH servers still use the one-line key from the paste box in authorized_keys.

12. Export an OpenSSH private key from Conversions → Export OpenSSH key when a non-PuTTY client must use the same key.

    Related: How to convert PPK key to OpenSSH using PuTTYGen

13. Reload the saved .ppk file using Load to verify the key opens without errors.