Your SSH private key is just a file. It sits in your .ssh folder, and anyone who copies it becomes you on every server it unlocks. Malware, a stolen laptop, a careless backup: one leak and the attacker logs in as you. A Trezor closes that hole. The private key lives on the device, never on disk, and every login needs a physical touch. On Windows there are two ways to wire a Trezor into SSH. They are not equal, one ties your login to the same seed that guards your coins, and PuTTY cannot do either without a fork. Here is both, with the real commands, and how to pick.
You need a compatible Trezor and a current OpenSSH. If you do not own a device yet, the Trezor Safe series (affiliate link, see our disclosure) is what we use.
The Two Methods at a Glance
- Method A: OpenSSH FIDO2. Stock ssh-keygen, key type ecdsa-sk. The credential is a separate applet on the device, not derived from your crypto seed. Windows Hello handles the touch and PIN.
- Method B: trezor-agent. A Python SSH agent. Keys are derived from your wallet seed. Supports Ed25519. Runs without PuTTY.
Step 0: Check Your OpenSSH Version First
Open PowerShell and run:
ssh -V Windows OpenSSH got FIDO2 support in the Win32-OpenSSH 8.9.1.0p1-Beta release. It uses Windows' native webauthn.dll, so there is no libfido2 to install, and the Windows Hello dialog handles the touch and PIN prompts for you. The catch: the OpenSSH feature that ships in-box with Windows has historically lagged far behind. If ssh -V reports anything under 8.9, install the current MSI from the Win32-OpenSSH releases page on GitHub (the latest standalone line is 10.x). Do this before anything else in Method A.
Method A: OpenSSH FIDO2 Key (ecdsa-sk)
This is the stock approach. No extra software beyond a current OpenSSH. Your key is a FIDO2 credential on the Trezor, completely separate from the wallet seed that holds your crypto.
One hard limit up front: Trezor supports ecdsa-sk (NIST P-256) only. It does not do ed25519-sk. If you try to enroll an Ed25519 FIDO key the enrollment simply fails, and the feature request to add it was closed as not-planned. (Nitrokey 3 and YubiKey do ed25519-sk; Trezor does not.) So the key type is fixed:
ssh-keygen -t ecdsa-sk Touch the device when it prompts. On Windows you often need an elevated (admin) PowerShell for FIDO access to go through webauthn cleanly. And before you run it, close Trezor Suite. An open Suite grabs the device, and the FIDO operation fails while Suite is holding the connection.
Use Non-Resident Keys
A resident (discoverable) key is stored on the Trezor itself and pulled back later with ssh-keygen -K. Do not rely on that on Windows: the retrieval command has an open bug on Win32-OpenSSH, failing with "invalid format" and helper error -4, still unfixed as of March 2026. Non-resident is the default, and it works. The ~/.ssh/id_ecdsa_sk file it writes is only a credential handle, useless to a thief without the physical Trezor. But it is not regenerable from the device, so back it up per machine.
Copy the public key to your server the usual way:
ssh-copy-id -i ~/.ssh/id_ecdsa_sk.pub user@host (Or paste the contents of the .pub file into ~/.ssh/authorized_keys yourself.) From then on, every login needs a touch on the device.
PuTTY Users, Read This
Current PuTTY (0.83) has no FIDO2 support. It is an open wishlist item; 0.83 shipped post-quantum key exchange instead. If you live in PuTTY, use the PuTTY-CAC fork, which does support FIDO2. Do not reach for the old windows-fido-bridge project: it is archived and deprecated, so skip it.
Which Devices Work
A Trezor Safe 3, Safe 5, or Safe 7, plus the Model T, all work over USB with universal firmware. The Model One is U2F-only; it may work for ecdsa-sk, but we have not tested it.
Method B: trezor-agent
trezor-agent is a Python SSH agent that talks to the Trezor. It is actively maintained (there were releases in March 2026), and its own README-Windows.md documents native Windows support. Setup:
- Install Win32-OpenSSH (same as Method A) and Python 3.
- Install the agent:
pip install trezor-agent - Optional: use NSSM to run it as a Windows service so it is always available.
- Install Gpg4win only if you also want GPG signing. It is not needed for SSH.
The difference that matters: trezor-agent derives your SSH keys deterministically from the wallet seed, one key per identity string. Restore that seed on any device and the same keys come back. It also supports Ed25519, which Method A cannot give you on a Trezor.
Generate and export a public key for an identity:
trezor-agent -v -e ed25519 [email protected] > github.pub Then connect through the agent:
trezor-agent user@host -c Gotcha: if your SSH config has IdentitiesOnly yes, ssh ignores agent-provided keys and your login quietly fails. Point IdentityFile at the exported .pub instead.
One hedge worth stating: the README's device list names the Trezor One and Model T (plus Jade and OnlyKey). The Safe series is not explicitly listed. Support is documented for the older models, so if you run a Safe, verify it works with your own device before you depend on it.
Which One Should You Use?
The honest trade-off is about your seed. Method B ties your SSH identity to the same seed that guards your crypto. If that seed ever leaks, both your coins and your servers are exposed, and using the seed every day for logins raises that exposure. Method A's FIDO2 credential is a separate applet on the device, not derived from the seed, so a login and a wallet stay independent. We went deeper on that one-seed question in this piece on FIDO2 and your wallet sharing a seed.
- Pick Method A if you want seed separation and stock tooling. It is the sensible default for most people.
- Pick Method B if you want seed-portable identities (restore anywhere, keys return), you need Ed25519, or you want a PuTTY-free agent workflow.
New to the device? See our Trezor resource page, or get a Safe device direct from Trezor.
Not a Trezor Person?
The same Method A works with a Nitrokey 3, which also does ed25519-sk, so you are not stuck on P-256. We use both Trezor Safe devices and Nitrokeys ourselves. If you want an Ed25519 FIDO key without a fork or an agent, the Nitrokey is a clean alternative.
Related Guides
- Trezor SSH on Linux - the same two methods, without the Windows version dance
- Trezor SSH on macOS - Homebrew OpenSSH and trezor-agent on a Mac
- Hardware Security Keys Compared - Trezor, Nitrokey, YubiKey side by side
- Trezor Resource Page - models, setup, and where to buy
Resources
- OpenSSH 8.2 release notes - where sk-ecdsa and sk-ed25519 FIDO key support was introduced upstream
- Install Win32-OpenSSH - official install steps for the current Windows OpenSSH MSI
- trezor-agent README for Windows - the maintainer's own Windows setup doc
- PuTTY-CAC - the PuTTY fork with FIDO2 support
- Trezor: SSH with Trezor - the vendor's own SSH walkthrough