Generate a Key Pair in a Windows Environment

How to create a new public-private key pair for authentication to Terra Dotta SSH servers on a Windows server or Windows workstation

1. Download and install puttygen.exe from

2. Launch puttygen.exe by double-clicking the file in your Downloads folder.

3. In the PuTTY Key Generator window, under the parameters heading, make sure that the type of key generated is set to RSA and make sure the Number of bits in a generated key is set to at least 4096.

4. Under the Actions heading, click the Generate button.

5. Move the mouse in the area underneath the green progress bar. Random movements of the mouse allow the PuTTY Key Generator to increase the randomness of the key that is being generated.

NOTE: This process may take several minutes to complete.

6. In the key comment section, enter a comment that identifies the college, university or organization that will be using this key and the date that the key is generated. For example, for a key that will be used for Terra Dotta University that will is generated on May 10, 2019, the key comment might be “TDU - 10May2019”.

7. After the key has been generated, enter a passphrase that will protect access to your public and private keys and press the Return key. This passphrase should conform to secure password generation guidelines (i.e., be over 16 characters, contain uppercase letters, lowercase letters, numbers and special characters, and should not be based on personal information or any words in any language). Do not lose this passphrase. If necessary, record the passphrase and store it in a physically secure location and/or in an encrypted file or secure password management program.

8. Confirm the passphrase in the field below the Key Passphrase field.

If you set a passphrase, be aware that any time you try to transfer a file using this key pair, your SFTP client will require you to re-enter this passphrase!

Also, note that in this context, a 'passphrase' is different than a 'password' for access to an SSH folder -- TD does not set passwords on SSH folders (all SSH authentication is key-based only) -- but if you are using a key pair with a passphrase, you will be required to enter the passphrase when prompted by your SFTP client.

9. Click on the Save public key button.

10. Navigate to a folder in which you wish to save the public key file, name the file and click the Save button.

11. Click on the Save private key button.

12. Navigate to a folder in which you wish to save the private key file, name the file id_rsa.ppk and click the Save button.

Important Note! For security, never email your private key or share the private key with any unauthorized person.

If you accidentally send Terra Dotta a copy of your private key, we will ask you to generate an entirely new key pair. Only send Terra Dotta a copy of the public key.

13. You may communicate your public key to Terra Dotta by either:

  • Attaching the to an email reply to the Terra Dotta support case thread (or emailing to your TD Integration Analyst directly);
  • Logging into the TDS Support Portal and attaching the public key to your integration case.

Important Final Step! Back up both your public and private key in a physically secure location and/or in an encrypted file or secure password management program.