SSH Workbench

SSH Key Validator

Validate SSH public and private keys. Check key type, format, fingerprint, and comment.

Client-side only — nothing leaves your browser

What is SSH Key Validation?

SSH key validation checks whether a key is properly formatted, identifies its type and properties, and detects common issues. When you encounter errors like "invalid key format" or "key is not in PEM format," a validator helps you understand what type of key you have and what might be wrong. This tool parses both public and private keys, detects the algorithm (RSA, Ed25519, ECDSA, DSA), identifies the format (OpenSSH, PEM, PPK), and computes the SHA256 fingerprint for public keys.

SSH Key Formats

FormatHeaderUsed By
OpenSSHBEGIN OPENSSH PRIVATE KEYOpenSSH 6.5+, modern Linux/macOS
PEM (PKCS#1)BEGIN RSA PRIVATE KEYOpenSSL, older SSH implementations
PEM (PKCS#8)BEGIN PRIVATE KEYJava, .NET, cross-platform tools
PPKPuTTY-User-Key-File-*PuTTY, WinSCP, FileZilla (Windows)

Frequently Asked Questions

How do I check my SSH key type?
You can check your SSH key type by looking at the beginning of your public key — it starts with the algorithm name: ssh-rsa (RSA), ssh-ed25519 (Ed25519), ecdsa-sha2-nistp256 (ECDSA), or ssh-dss (DSA). For private keys, check the header: 'BEGIN RSA PRIVATE KEY' is RSA, 'BEGIN EC PRIVATE KEY' is ECDSA. You can also run 'ssh-keygen -l -f ~/.ssh/id_ed25519.pub' in the terminal to see the type and bit length.
What format should an SSH public key be in?
The standard OpenSSH public key format is a single line with three parts: key-type base64-data comment (e.g., 'ssh-ed25519 AAAAC3... user@host'). Most SSH servers and services (GitHub, GitLab, AWS) expect this format. Other formats include RFC 4716 (multi-line with BEGIN/END headers) and PEM (SPKI format). If you have a different format, you can convert with: ssh-keygen -i -f key.pub > key_openssh.pub.
How do I find my SSH key fingerprint?
Run 'ssh-keygen -l -f ~/.ssh/id_ed25519.pub' to see the fingerprint in SHA256 format. The fingerprint is a hash of the public key data that uniquely identifies it — useful for verifying keys match across systems. GitHub shows key fingerprints in your account settings, so you can compare them. This tool computes the SHA256 fingerprint for public keys entirely in your browser.
Can I check if my SSH key has a passphrase?
For PEM-format private keys, look for 'Proc-Type: 4,ENCRYPTED' or 'BEGIN ENCRYPTED PRIVATE KEY' in the file — these indicate the key is passphrase-protected. For the newer OpenSSH format, it's not visible in the text. You can test by running 'ssh-keygen -y -f ~/.ssh/id_ed25519' — if it prompts for a passphrase, the key is protected; if it outputs the public key immediately, it's unencrypted.
What does 'invalid key format' mean?
The 'invalid key format' error typically means the key file is corrupted, truncated, or in the wrong format for the tool you're using. Common causes include: copying the key without the full base64 data, missing the BEGIN/END markers in PEM keys, extra whitespace or line breaks, using a PEM key where OpenSSH format is expected (or vice versa), or mixing up public and private keys. Try regenerating the key or converting between formats with ssh-keygen.

Related Tools

Key Generator

Generate RSA, Ed25519, and ECDSA SSH keys securely in your browser.

Port Checker

Test if SSH port 22 is open on any server. Diagnose firewall and connection issues.

Config Generator

Generate ~/.ssh/config entries visually. Build config files with host aliases, jump hosts, and identity files.

PEM to PPK Converter

Convert PEM SSH keys to PPK format for PuTTY. Validate keys and get step-by-step conversion instructions.

SSL Checker

Check SSL/TLS certificate validity, expiry, chain, and issuer for any domain. Color-coded expiry warnings.

Need to manage SSH connections?

SSH Workbench lets you connect, browse files, and manage servers visually.

Try SSH Workbench Free