SSH Workbench

SSH Key Generator

Generate SSH key pairs securely in your browser.

Client-side only — nothing leaves your browser

Quick Start (Terminal)

Prefer the command line? Generate the same key with:

ssh-keygen -t ed25519 -C "[email protected]"

Replace with -t rsa -b 4096 for RSA keys.

What is SSH Key Generation?

SSH keys are cryptographic key pairs used for secure authentication to remote servers. Instead of typing a password, your private key proves your identity. The public key goes on servers you want to access, while the private key stays secret on your machine.

SSH Key Types Compared

TypeSecuritySpeedCompatibility
Ed25519ExcellentVery fastModern systems (OpenSSH 6.5+)
RSA 4096ExcellentSlowerUniversal
RSA 2048GoodModerateLegacy systems

Frequently Asked Questions

Should I use RSA or Ed25519 in 2026?
Ed25519 is recommended for most users. It offers equivalent security to RSA 4096 with much smaller keys (256 bits vs 4096 bits), faster performance, and resistance to certain side-channel attacks. Use RSA 4096 only if you need to connect to older systems that don't support Ed25519.
Why does GitHub reject my SSH key?
Common reasons include: using an unsupported key type (GitHub deprecated RSA with SHA-1), the key wasn't added correctly to your GitHub account, or there's a mismatch between your local key and what's on GitHub. Try generating a new Ed25519 key and adding it fresh to your account.
What's the difference between PEM and OpenSSH format?
PEM format uses headers like '-----BEGIN RSA PRIVATE KEY-----' and is the traditional format. OpenSSH format (introduced in OpenSSH 6.5) uses '-----BEGIN OPENSSH PRIVATE KEY-----' and supports all key types including Ed25519. Most modern tools support both formats.
Do SSH keys expire?
By default, SSH keys do not expire — they remain valid indefinitely unless manually revoked. However, you can set an expiry when creating certificates with ssh-keygen using the -V flag (e.g., ssh-keygen -V +52w for one year). Many organizations enforce key rotation policies (e.g., every 90 days) as a security practice, even though the keys themselves don't technically expire.
Does ssh-keygen overwrite existing keys?
Yes — if you run ssh-keygen and a key file already exists at the target path (e.g., ~/.ssh/id_ed25519), it will prompt you to confirm before overwriting. If you use the -f flag with a non-interactive script, it can overwrite without asking. To avoid losing existing keys, either use a different filename (-f ~/.ssh/id_ed25519_work) or back up your keys first.

Related Tools

Port Checker

Test if SSH port 22 is open on any server. Diagnose firewall and connection issues.

Config Generator

Generate ~/.ssh/config entries visually. Build config files with host aliases, jump hosts, and identity files.

Key Validator

Validate SSH public and private keys. Check key type, format, fingerprint, and comment.

PEM to PPK Converter

Convert PEM SSH keys to PPK format for PuTTY. Validate keys and get step-by-step conversion instructions.

SSL Checker

Check SSL/TLS certificate validity, expiry, chain, and issuer for any domain. Color-coded expiry warnings.

Need to manage SSH connections?

SSH Workbench lets you connect, browse files, and manage servers visually.

Try SSH Workbench Free