SSH Key Generator
Generate SSH key pairs securely in your browser.
Client-side only — nothing leaves your browser
Quick Start (Terminal)
Prefer the command line? Generate the same key with:
ssh-keygen -t ed25519 -C "[email protected]"Replace with -t rsa -b 4096 for RSA keys.
What is SSH Key Generation?
SSH keys are cryptographic key pairs used for secure authentication to remote servers. Instead of typing a password, your private key proves your identity. The public key goes on servers you want to access, while the private key stays secret on your machine.
SSH Key Types Compared
| Type | Security | Speed | Compatibility |
|---|---|---|---|
| Ed25519 | Excellent | Very fast | Modern systems (OpenSSH 6.5+) |
| RSA 4096 | Excellent | Slower | Universal |
| RSA 2048 | Good | Moderate | Legacy systems |
Frequently Asked Questions
Should I use RSA or Ed25519 in 2026?
Ed25519 is recommended for most users. It offers equivalent security to RSA 4096 with much smaller keys (256 bits vs 4096 bits), faster performance, and resistance to certain side-channel attacks. Use RSA 4096 only if you need to connect to older systems that don't support Ed25519.
Why does GitHub reject my SSH key?
Common reasons include: using an unsupported key type (GitHub deprecated RSA with SHA-1), the key wasn't added correctly to your GitHub account, or there's a mismatch between your local key and what's on GitHub. Try generating a new Ed25519 key and adding it fresh to your account.
What's the difference between PEM and OpenSSH format?
PEM format uses headers like '-----BEGIN RSA PRIVATE KEY-----' and is the traditional format. OpenSSH format (introduced in OpenSSH 6.5) uses '-----BEGIN OPENSSH PRIVATE KEY-----' and supports all key types including Ed25519. Most modern tools support both formats.
Do SSH keys expire?
By default, SSH keys do not expire — they remain valid indefinitely unless manually revoked. However, you can set an expiry when creating certificates with ssh-keygen using the -V flag (e.g., ssh-keygen -V +52w for one year). Many organizations enforce key rotation policies (e.g., every 90 days) as a security practice, even though the keys themselves don't technically expire.
Does ssh-keygen overwrite existing keys?
Yes — if you run ssh-keygen and a key file already exists at the target path (e.g., ~/.ssh/id_ed25519), it will prompt you to confirm before overwriting. If you use the -f flag with a non-interactive script, it can overwrite without asking. To avoid losing existing keys, either use a different filename (-f ~/.ssh/id_ed25519_work) or back up your keys first.
Related Tools
Need to manage SSH connections?
SSH Workbench lets you connect, browse files, and manage servers visually.
Try SSH Workbench Free