SSH Key Generator
Create RSA, Ed25519 & ECDSA key pairs. Private keys never leave your browser.
Click "Generate" to create a key pair
—
Never share your private key. Store it securely and protect it with a passphrase.
SSH Key Types Compared
| Algorithm | Key Size | Security Level | Speed | Compatibility |
|---|---|---|---|---|
| Ed25519 | 256-bit | ~128-bit equivalent | Fastest | OpenSSH 6.5+ (2014) |
| ECDSA P-256 | 256-bit | ~128-bit equivalent | Fast | Very wide |
| RSA-4096 | 4096-bit | ~140-bit equivalent | Slow generation | Universal |
Ed25519 is recommended for new deployments. It's faster, produces smaller keys, and has no known weaknesses. RSA-4096 is only needed for legacy systems that don't support modern algorithms.
How to Use Your Generated Keys
GitHub / GitLab
- Copy the public key
- Go to Settings → SSH Keys → Add New
- Paste and save
- Store the private key at
~/.ssh/id_ed25519with permissionschmod 600
Linux/Mac Server
- Append the public key to
~/.ssh/authorized_keyson the server - Save the private key locally at
~/.ssh/id_ed25519 - Connect:
ssh -i ~/.ssh/id_ed25519 user@server
Key Rotation Best Practices
- Rotate keys at least annually
- Rotate immediately if a device with your private key is lost or compromised
- Remove old public keys from all
authorized_keysfiles - Always protect private keys with a passphrase:
ssh-keygen -p -f id_key - Use different key pairs for different services (work vs. personal)
Frequently Asked Questions
Is it safe to generate SSH keys in the browser?
Yes. Our tool uses the Web Crypto API to generate keys entirely in your browser. The private key is never sent to any server. You can verify by checking the Network tab in DevTools — zero requests are made during generation.
Which algorithm should I choose?
Ed25519 is recommended — it's fast, secure, and produces compact keys. RSA-4096 is the legacy standard with maximum compatibility. ECDSA P-256 is a good middle ground. If unsure, use Ed25519 (or ECDSA if your browser doesn't support it).
How do I add the public key to GitHub?
1) Copy the public key. 2) Go to GitHub → Settings → SSH and GPG keys → New SSH key. 3) Paste the public key and give it a title. 4) Save your private key securely — you'll need it for authentication.
How do I add the key to a server?
Append the public key to ~/.ssh/authorized_keys on the server. You can do this with: ssh-copy-id -i id_key.pub user@server, or manually paste it into the file.
Should I add a passphrase to my private key?
Yes, always protect private keys with a passphrase. This means even if someone gets your private key file, they can't use it without the passphrase. Our download gives you the raw key — add a passphrase using ssh-keygen -p -f id_key.
How often should I rotate SSH keys?
Rotate keys at least annually, or immediately if you suspect compromise. Remove old public keys from authorized_keys on all servers. Many organizations require 90-day rotation for compliance.