SSH Key Generator

Generate RSA and Ed25519 SSH key pairs entirely in your browser. Keys are never sent to any server.

Never share your private key. Keep it secure and never upload it to any website, including this one. Only share your public key.

Which key type should I use?

  • Ed25519 — Recommended. Smaller keys, faster, more secure against certain attacks. Use this unless you need legacy compatibility.
  • RSA-2048 — Supported everywhere. Good for older systems or services that don't support Ed25519.
  • RSA-4096 — Maximum RSA security, slower to generate and use. Only needed for very high-security environments.

How to use your SSH keys

  1. 1 Download both files to ~/.ssh/
  2. 2 Set permissions: chmod 600 ~/.ssh/id_ed25519
  3. 3 Copy your public key to the server's ~/.ssh/authorized_keys
  4. 4 Connect: ssh -i ~/.ssh/id_ed25519 user@host

100% client-side — your keys never leave this device.

Key generation uses the browser's built-in window.crypto.subtle API. No data is sent to any server, no analytics are collected for key operations, and nothing is stored after you close the page.

Frequently Asked Questions

Is it safe to generate SSH keys in a browser?

Yes — as long as you trust the page's code. This tool uses the Web Crypto API, which performs all operations locally. Keys are never transmitted anywhere.

What is the comment field for?

The comment is a human-readable label appended to the public key. Typically your email or user@hostname. It doesn't affect the key's cryptographic properties.

What is the fingerprint?

The fingerprint is a short SHA-256 hash of the public key. Servers display it when you first connect so you can verify you're connecting to the right host. You can compare it with ssh-keygen -l -f id_ed25519.pub.

Can I add a passphrase to the private key?

Not in this tool — it generates unencrypted private keys. To add a passphrase after downloading, run: ssh-keygen -p -f ~/.ssh/id_ed25519

About SSH Key Generator

The SSH Key Generator creates cryptographically secure Ed25519 and RSA key pairs directly in your browser using the Web Crypto API — no server involved, no data transmitted, no account required.

  • Supports Ed25519 (recommended), RSA-2048, and RSA-4096 key types
  • Generates standard OpenSSH-format keys compatible with GitHub, GitLab, and remote servers
  • Displays the SHA-256 fingerprint for easy verification
  • Download private and public key files directly to your device
  • Optional comment field for labelling keys (e.g. your email address)
  • 100% client-side — keys are generated and stay in your browser only

How to Generate SSH Keys Online

  1. 1

    Choose a key type

    Select Ed25519 for modern systems, RSA-2048 for broad compatibility, or RSA-4096 for maximum RSA security.

  2. 2

    Enter a comment (optional)

    Add your email or a descriptive label so you can identify the key later in authorized_keys files.

  3. 3

    Click "Generate Key Pair"

    The key pair is generated instantly (Ed25519/RSA-2048) or in a few seconds (RSA-4096) entirely within your browser.

  4. 4

    Download both key files

    Download the private key (id_ed25519) and public key (id_ed25519.pub) to your ~/.ssh/ directory.

  5. 5

    Set permissions and add the public key to your server

    Run chmod 600 ~/.ssh/id_ed25519, then append the public key to ~/.ssh/authorized_keys on the remote host.

Tip: After downloading, verify the fingerprint matches by running ssh-keygen -l -f ~/.ssh/id_ed25519.pub in your terminal.

Common Use Cases

GitHub & GitLab Access

  • • Generate a key to authenticate git push/pull over SSH
  • • Add the public key to GitHub Settings → SSH Keys
  • • Replace password authentication for better security

Remote Server Access

  • • Connect to VPS, EC2, or DigitalOcean droplets without passwords
  • • Add the public key to authorized_keys
  • • Disable password auth for a more secure SSH setup

CI/CD Pipelines

  • • Generate deploy keys for GitHub Actions or GitLab CI
  • • Securely store the private key as a CI secret variable
  • • Automate deployments without storing passwords

Kubernetes & Cloud

  • • Create SSH keys for kubectl node access
  • • Provision AWS EC2 key pairs manually
  • • Set up bastion host authentication

Multiple Identities

  • • Generate separate keys for personal and work accounts
  • • Use the comment to label keys by purpose or host
  • • Manage multiple keys via ~/.ssh/config

Quick Replacement

  • • Replace a compromised or expired key pair instantly
  • • Generate a new key on a machine without ssh-keygen installed
  • • Provision keys from any OS including Windows or mobile

More SSH Key Questions Answered

What is an SSH key pair?

An SSH key pair consists of a private key (kept secret on your machine) and a public key (shared with servers). During authentication, the server challenges you with your public key and your private key proves identity — no password is ever transmitted.

Why is Ed25519 recommended over RSA?

Ed25519 uses elliptic-curve cryptography that provides 128-bit security with much smaller keys (68 characters vs 800+). It is faster to generate, faster to verify, and resistant to certain timing attacks that affect RSA. Any modern server or service supports it.

How do I add my SSH public key to GitHub?

Go to GitHub → Settings → SSH and GPG keys → New SSH key. Paste the contents of your .pub file (the public key), give it a title, and save. Then test with ssh -T git@github.com.

What file permissions does the private key need?

The private key must be readable only by your user: chmod 600 ~/.ssh/id_ed25519. SSH will refuse to use a private key with overly permissive permissions and will show a "Permissions are too open" error.

Can I use these keys on Windows?

Yes. Windows 10 and later ship with OpenSSH. Download the keys, place them in C:\Users\YourName\.ssh\, and restrict permissions via File Properties → Security. They also work with PuTTY after converting with PuTTYgen.

Does this tool generate keys with a passphrase?

No — keys are generated without a passphrase for simplicity. To add one after downloading, run ssh-keygen -p -f ~/.ssh/id_ed25519 in your terminal. A passphrase encrypts the private key file at rest.

Are the generated keys cryptographically secure?

Yes. All keys are generated using window.crypto.subtle — the browser's native Web Crypto API, which uses the OS's cryptographically secure random number generator. The generated keys are equivalent in security to those produced by ssh-keygen.