SSH Key Generator

Generate SSH keys instantly (RSA, ECDSA, Ed25519), copy-ready public keys, private key exports, and SHA256/MD5 fingerprints — no setup required.

SSH Key Generator

READY

Generate SSH keys instantly (RSA, ECDSA, Ed25519), copy-ready public keys, private key exports, and SHA256/MD5 fingerprints — no setup required.

Strength Strong
Key settings Instant + copy-ready
Ed25519 is fast and modern. RSA is the most compatible. ECDSA is compact and widely supported.
Use OpenSSH for typical SSH workflows. Use PEM when you need compatibility with older tooling.
Only used for encrypted PEM exports. Store it in a password manager.
Shows at the end of your public key, helpful when you manage many keys.
These notes are included in the JSON export. They are not added to the keys.
History This session
No history yet
Generate a key pair and you can quickly load recent results here.
Output Copy / Download
No output yet
Choose a key type, then click Generate key pair. Your public key will be ready to paste into authorized_keys.
Paste into ~/.ssh/authorized_keys
Store securely. Never paste this into chat.
SHA256 fingerprint
Use this to verify you’re connecting to the right host key or to compare keys across machines.
MD5 fingerprint
Still common in older docs. Prefer SHA256 when possible.
Metadata
Safety checklist
No notes.
Bundle contains keys, fingerprints, metadata, and your notes.
Copied

About SSH Key Generator

SSH Key Generator: Create Secure Key Pairs Instantly

Welcome to the most efficient way to generate secure cryptographic authentication credentials. Our SSH Key Generator allows you to instantly create RSA, ECDSA, and Ed25519 key pairs directly from your browser, eliminating the need to memorize complex terminal commands.

Secure Shell (SSH) keys are the backbone of modern server administration, code repository access (like GitHub or GitLab), and automated deployment pipelines. However, using the traditional command-line ssh-keygen tool can be intimidating or inconvenient if you are setting up a system quickly on a new machine, debugging access issues from a restricted environment, or generating keys for a third-party service that requires a specific format like PEM.

Here is the deal: we have built a streamlined, web-based utility that acts as a visual interface for OpenSSL and Sodium cryptographic libraries. You get complete control over the key type, bit length, elliptic curves, and export formats. Whether you need a legacy RSA 4096-bit key encrypted with a passphrase, or a bleeding-edge, high-performance Ed25519 key, you can configure, generate, and copy your public and private keys in a matter of seconds. We also instantly calculate your SHA256 and MD5 fingerprints so you can verify host connections without delay.

How the SSH Key Generator Works

Generating a secure key pair should not require reading a man page. Our tool is designed to provide professional-grade configurations through an intuitive interface. Here is how you can create your keys step-by-step.

Step-by-Step Generation Guide

Follow these simple instructions to configure your cryptography settings and retrieve your formatted keys.

  • Step 1: Select Your Key Type. Use the "Key type" dropdown to choose the cryptographic algorithm. We recommend "Ed25519" for modern, fast, and highly secure keys. If you need compatibility with older servers, select "RSA" or "ECDSA". Note that selecting different types will reveal context-specific options.
  • Step 2: Configure Algorithm Parameters. If you chose RSA, use the "RSA key size" dropdown to select your bit length (we strongly suggest 4096 bits for strong security). If you chose ECDSA, pick your desired elliptic curve (like nistp256 or nistp521). The visual "Strength" badge in the top right will update automatically based on your choices.
  • Step 3: Set Export Format and Passphrase. Choose your "Private key format". OpenSSH is the standard for almost all modern SSH clients. If you require PEM format (often needed for older AWS setups or specific CI/CD tools), select it from the list. If you choose PEM, you can optionally check "Encrypt PEM with passphrase" and enter a secure password to protect the private key file.
  • Step 4: Add Metadata. Enter a "Key comment" (e.g., user@laptop-2026). This comment is appended to the public key and helps you identify it later in your server's authorized_keys file. You can also add detailed internal "Notes" (like rotation dates) which will be included if you download the JSON bundle.
  • Step 5: Generate and Retrieve. Click the primary "Generate key pair" button. The server will securely compute the prime numbers or elliptic curves and return the results. You can now use the copy buttons to grab your "Public key" (to put on your server/GitHub) and "Private key" (to keep on your local machine), or download them directly as formatted files.

Key Features of Our Online Key Generator

We designed this tool to go beyond basic generation. It includes features specifically requested by system administrators and DevOps engineers to streamline identity management.

1. Support for Modern Cryptography (Ed25519)

While RSA has been the standard for decades, Ed25519 (based on the Edwards-curve Digital Signature Algorithm) is the modern gold standard. Ed25519 keys are significantly smaller, making them easier to copy and paste, yet they offer cryptographic strength that rivals massive RSA keys. They also perform signatures much faster, which speeds up the SSH handshake process. Our tool fully supports generating these state-of-the-art keys using the native Sodium extension.

2. Flexible Formatting: OpenSSH vs. PEM

A common pain point when generating keys is realizing your software requires a specific file format. Modern Linux systems and Git clients prefer the newer OpenSSH format. However, legacy systems, certain language libraries (like older PHP or Python paramiko setups), and cloud provider dashboards sometimes demand the classic PEM format. Our SSH Key Generator allows you to explicitly choose how the private key block is wrapped, ensuring drop-in compatibility for your specific stack.

3. Instant Fingerprint Calculation

When you add a new key to a server or connect to a host for the first time, you are often asked to verify a fingerprint to prevent Man-in-the-Middle (MITM) attacks. Our tool automatically calculates and displays both the modern SHA256 (Base64) fingerprint and the legacy MD5 (Hex colon-separated) fingerprint the exact moment your key is generated. You do not need to run ssh-keygen -l -f locally to find this information.

4. Session History and Rapid Regeneration

If you are provisioning multiple servers or setting up keys for several team members, you might need to generate many pairs in a row. The tool features a "History" sidebar that temporarily stores the keys you generated during your current session. You can quickly click "Load" to swap between them. Furthermore, the "Regenerate" button allows you to instantly spin up a new mathematical key pair using your exact current settings with a single click.

5. Comprehensive JSON Bundling

For automation engineers, downloading raw text files isn't always helpful. We provide a "JSON bundle" export option. This downloads a single file containing your public key, private key, selected settings (like RSA bits or curve type), exact generation timestamp, calculated fingerprints, and any custom notes you added. This bundle is perfect for feeding into secrets management systems like HashiCorp Vault or AWS Secrets Manager.

Real-World Use Cases

Who uses a web-based SSH Key Generator? Here are specific scenarios where this tool saves valuable time and frustration.

  • Label: Cloud Server Provisioning. You are spinning up a new Droplet on DigitalOcean or an EC2 instance on AWS via a web console on a tablet or a computer that isn't your primary workstation. You need a public key to inject via cloud-init, but you don't have access to a local terminal. You can generate the key pair here, paste the public key into the cloud dashboard, and download the private key to connect later.
  • Label: CI/CD Pipeline Configuration. You are setting up GitHub Actions or GitLab CI to deploy code to your staging server via rsync or SSH. You need a dedicated, restricted key pair specifically for the CI runner. You can quickly generate an Ed25519 key here, paste the public half into the server's authorized_keys, and add the private half as a repository secret.
  • Label: Assisting Non-Technical Users. You are an IT administrator trying to grant SFTP access to a freelance designer. Asking them to open PowerShell or Terminal to run ssh-keygen is a nightmare. Instead, you can generate the keys for them, securely transmit the private key (preferably encrypted with a passphrase), and apply the public key to their server account.
  • Label: Legacy System Integration. You have inherited an old enterprise application that strictly requires a 2048-bit RSA key in PEM format to interact with a partner's API. Modern OS defaults often generate OpenSSH formats. You can use our tool to explicitly force the output to legacy PEM format and 2048 bits to ensure immediate compatibility.
  • Label: Creating Deploy Keys for Repositories. You need to allow a specific server to clone a private Git repository, but you do not want to use your personal SSH key. You can generate a fresh key pair, add the public key to the repository as a "Deploy Key" with read-only access, and place the private key on the server.

When to Use Our SSH Key Generator vs. Terminal Commands

While the command line is powerful, there are distinct advantages to using a visual generator, depending on your environment and requirements.

Scenario Our Web SSH Key Generator Manual ssh-keygen Command
Visual Feedback Provides immediate visual confirmation of key strength, formats, and comments. Requires remembering specific flags (e.g., -t rsa -b 4096 -C "comment").
Environment Independence Works on any device with a web browser (Chromebooks, tablets, restricted corporate PCs). Requires a local POSIX terminal or specialized Windows software (like PuTTYgen).
Formatting Output One-click switching between OpenSSH and PEM formats. Requires knowing the exact -m flag, which behaves differently across OpenSSH versions.
Data Aggregation Presents keys, SHA256/MD5 fingerprints, and JSON bundles on a single screen. Requires running secondary commands (-l -f) to extract fingerprint data.
Security Posture Generates keys server-side (good for quick utility, but requires trusting the transport layer). Generates keys entirely offline (the absolute highest security standard for root access).

Tips for Getting the Best Results

Cryptographic identity is sensitive. To ensure you are creating and managing your SSH keys correctly, follow these best practices.

Pro Tip: Always use descriptive comments! A comment like deploy-key-prod-app-2026 is infinitely more useful than the default user@machine. When you look at an authorized_keys file two years from now containing 15 different keys, the comment is the only way to know which key belongs to which service.

Protect Your Private Key

The entire security model of SSH relies on the secrecy of the private key. Once you download or copy the private key from our tool, store it immediately in its final destination (like your ~/.ssh/ directory or a password manager). Never paste a private key into an email, Slack channel, or text document. On Linux/Mac, ensure you set the correct file permissions (chmod 600 ~/.ssh/id_rsa) or your SSH client will refuse to use it.

Understand Passphrase Encryption

If you choose to export in PEM format, you have the option to encrypt the private key file with a passphrase. If you do this, an attacker who steals the file cannot use it without also knowing the password. However, this means you will be prompted to type the password every time you initiate an SSH connection (unless you use an SSH Agent). For automated systems (like CI/CD pipelines), you generally must leave the key unencrypted.

Avoid RSA 2048 if Possible

While we offer RSA 2048 for legacy compatibility, computing power has increased to the point where 2048 bits is considered the absolute bare minimum for security, and is actively deprecated by many modern security audits. If you must use RSA, select 4096 bits. If your system supports it, skip RSA entirely and select Ed25519.

Frequently Asked Questions

Have questions about key algorithms, formats, or security? Review our FAQ to understand the technical details behind the SSH Key Generator.

If the system you are connecting to supports it (most systems upgraded after 2014 do), Ed25519 is highly recommended. It is faster to generate, faster to verify, creates much shorter keys, and is highly resistant to side-channel attacks. If you are connecting to older enterprise servers or legacy network switches, RSA (4096-bit) is the safest fallback as it has near-universal compatibility.

This refers to how the private key data is encoded in text. OpenSSH format (starting with BEGIN OPENSSH PRIVATE KEY) is the modern default for OpenSSH clients. PEM format (starting with BEGIN RSA PRIVATE KEY) is an older standard. Many older tools, specific programming language libraries, and some cloud providers strictly require PEM formatting to parse the key correctly.

The public key (usually ends in .pub) is what you share. You paste this into the ~/.ssh/authorized_keys file on the server you want to log into, or into the settings panel of GitHub/GitLab. The private key stays entirely on your local machine (usually in ~/.ssh/id_ed25519). Your local SSH client uses the private key to cryptographically prove to the server that you own the corresponding public key.

This tool generates keys securely over HTTPS using standard cryptographic libraries. However, for the highest security environments (like root access to production database clusters), best practice dictates generating keys locally on your own air-gapped machine using ssh-keygen. This web tool is best utilized for temporary keys, CI/CD deploy keys, testing environments, or situations where local terminal access is unavailable.

Our tool currently supports passphrase encryption only for private keys exported in the legacy PEM format (RSA and ECDSA). Ed25519 keys are natively exported in the newer OpenSSH format. While the OpenSSH format supports encryption, this specific web utility exports them unencrypted to ensure maximum compatibility when pasting them directly into CI/CD secrets variables or automation scripts.

A fingerprint is a short, cryptographic hash (like SHA256) of your long public key. Because public keys are hundreds of characters long, it is difficult for humans to compare them visually. The fingerprint allows you to quickly verify that the key you generated is exactly the same one that is installed on the remote server, ensuring data integrity.

Why Choose Our SSH Key Generator?

Managing server access and automation credentials should not be a bottleneck in your workflow. Our SSH Key Generator abstracts away the complexity of terminal commands and cryptographic flags, providing a clean, accessible interface for creating robust security credentials.

Whether you need to quickly spin up a highly secure Ed25519 key for a modern GitHub Actions pipeline, or you are forced to generate a legacy RSA PEM key for an outdated corporate system, this tool provides exact control over your output. Stop Googling ssh-keygen syntax and fighting with command-line flags. Select your algorithm, hit generate, and copy your perfect key pair today.