Logo

MonoCalc

/

SSH Key Generator

Encode/Decode

Algorithm

Ed25519

Recommended

Modern, fast, 256-bit security

RSA

Wide compatibility, configurable size

ECDSA

Compact keys, strong NIST-curve security

Equivalent ssh-keygen command

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519

About This Tool

🔑 SSH Key Generator – Secure Key Pairs in Your Browser

SSH (Secure Shell) keys are cryptographic credentials used to authenticate with remote servers, code repositories, cloud providers, and CI/CD pipelines — without passwords. This tool generates SSH key pairs entirely in your browser using the Web Cryptography API, so your keys never leave your device.

Why Use SSH Keys Instead of Passwords?

SSH keys offer significantly stronger security than passwords. A typical SSH key pair involves a public key (shared with servers) and a private key (kept secret on your machine). Authentication works by proving possession of the private key through a cryptographic challenge — no password is transmitted over the network.

SSH keys eliminate risks like brute-force attacks, credential stuffing, and phishing for server access. They are required for passwordless login, Git operations via SSH, automated deployments, and API access to cloud services.

Choosing the Right Algorithm

AlgorithmKey SizeSpeedCompatibilityRecommendation
Ed25519256-bit fixedVery fastOpenSSH 6.5+, GitHub, GitLab, AWS✅ Best choice for new keys
RSA 40964096-bitSlowerUniversal (all systems)✅ Best for legacy compatibility
ECDSA P-384384-bitFastOpenSSH 5.7+, most modern servers✅ Good NIST-curve option
RSA 20482048-bitModerateUniversal⚠️ Minimum acceptable, prefer 4096

Understanding the Output

Public Key — output in OpenSSH authorized_keys format (e.g., ssh-ed25519 AAAA... user@host). Copy this to the server's ~/.ssh/authorized_keys file, or paste it into GitHub/GitLab SSH key settings. It is safe to share publicly.

Private Key — output in PEM/PKCS#8 format. Save this as ~/.ssh/id_ed25519 (or id_rsa, etc.) with permissions chmod 600. Never share this key with anyone.

Fingerprint — a SHA-256 hash of the public key in Base64 format, prefixed with SHA256:. Use it to verify you are connecting to the correct server, or to compare keys across systems.

Using a Passphrase

Adding a passphrase encrypts your private key file using PBKDF2 + AES-256-GCM. Even if your key file is stolen, an attacker cannot use it without knowing the passphrase. Use ssh-agent to cache the decrypted key in memory so you only need to enter the passphrase once per session.

Security Best Practice

Your private key must remain secret. Never commit it to version control, share it over chat, or store it in an unencrypted cloud drive. If a private key is compromised, revoke it immediately by removing the corresponding public key from all authorized_keys files.

Deploying Your SSH Key

After generating a key pair, add the public key to your target:

  • Linux/macOS server: append to ~/.ssh/authorized_keys on the server
  • GitHub / GitLab / Bitbucket: paste in Settings → SSH Keys
  • AWS EC2: add to key pairs or user data during instance creation
  • Kubernetes / CI/CD: store as a secret and reference in pipelines

Client-Side Security Model

This tool runs all cryptographic operations using the browser's native SubtleCrypto API (window.crypto.subtle). No keys, passphrases, or any other data are sent to any server. The tool works entirely offline once loaded. You can verify this by opening your browser's network inspector — you will see zero outbound requests during key generation.

The equivalent terminal command is also displayed so you can reproduce the same key type using ssh-keygen for verification or automation purposes.

Frequently Asked Questions

Is the SSH Key Generator free?

Yes, SSH Key Generator is totally free :)

Can I use the SSH Key Generator offline?

Yes, you can install the webapp as PWA.

Is it safe to use SSH Key Generator?

Yes, any data related to SSH Key Generator only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

How does this SSH Key Generator work?

This tool uses the browser's native Web Cryptography API (window.crypto.subtle) to generate SSH key pairs entirely on your device. All cryptographic operations run client-side — no key material is ever sent to a server. You choose an algorithm (Ed25519, RSA, or ECDSA), configure optional settings, and the tool outputs a public key in OpenSSH authorized_keys format and a private key in PEM/PKCS#8 format.

Which algorithm should I choose for my SSH key?

Ed25519 is the recommended modern choice — it offers 256-bit security with small key sizes, very fast performance, and is supported by all modern SSH servers and clients (OpenSSH 6.5+, GitHub, GitLab, Bitbucket, AWS, GCP, Azure). RSA 4096 is the safe legacy choice with the broadest compatibility across older systems. ECDSA P-384 or P-521 provides a good balance of size and security for users who need NIST-curve compatibility.

What key size should I use for RSA?

Use at least 3072 bits for new RSA keys — 4096 bits provides the best security margin. The 2048-bit minimum is acceptable for short-lived keys but becoming outdated as compute power increases. Avoid 1024-bit keys entirely as they are considered broken by modern cryptographic standards.

Should I set a passphrase on my private key?

Yes, setting a strong passphrase is highly recommended. If your private key file is stolen or leaked, an attacker cannot use it without the passphrase. Choose at least 12 characters mixing uppercase, lowercase, numbers, and symbols. The passphrase encrypts your private key using PBKDF2 key derivation and AES-256-GCM, so the file is useless without it.

Is it safe to generate SSH keys in a browser?

Yes — all cryptographic operations run locally using the Web Crypto API and never leave your device. The tool has no network requests during key generation. However, for production servers or critical infrastructure, generating keys on a trusted, air-gapped machine using the native ssh-keygen tool is the gold standard. This tool is ideal for development, testing, and learning purposes.

What is the SSH key fingerprint and why does it matter?

The fingerprint is a SHA-256 hash of the public key, displayed in Base64 format. It uniquely identifies a key pair without revealing the private key and is used to verify that a remote server is presenting the correct host key, confirm that two keys are matching pairs, and track key versions in authorized_keys files.