SSH Key Generator
Generate an Ed25519 or RSA SSH key pair right in your browser with the Web Crypto API - your private key never leaves your device. Copy or download the keys, ready for any server.
Keys are generated entirely in your browser with the Web Crypto API. Your private key is never sent anywhere - no network request, no logging.
Prefer the terminal? This is the equivalent command - and for production keys, generating locally with ssh-keygen or CtrlOps is the gold standard.
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519What is an SSH key pair?
An SSH key pair is two linked files: a private key you keep secret on your machine, and a public key you place on the servers you want to reach. When you connect, the server checks that you hold the matching private key - so you log in securely without ever typing a password.
Key-based auth is both safer and more convenient than passwords, which is why it is the standard for managing Linux servers.
Ed25519 or RSA?
Use Ed25519 unless you have a reason not to - it is fast, the keys are tiny, and the security is excellent. Reach for RSA (3072 or 4096 bits) only when you must support an older server or tool that predates Ed25519. Avoid DSA and 1024-bit RSA entirely; they are considered weak.
How to use your new key
- Generate the pair above and download both files into your
~/.sshdirectory. - Lock down the permissions:
chmod 600 ~/.ssh/id_ed25519andchmod 700 ~/.ssh. SSH refuses keys that others can read - our chmod calculator explains why. - Copy the public key to your server with
ssh-copy-id user@host, or append it to~/.ssh/authorized_keysthere. - Optionally add an alias in your SSH config so you can connect with a short name.
Is generating keys in the browser safe?
This tool runs entirely on your device using the browser's built-in Web Crypto API. The private key is created locally and is never transmitted, logged, or stored on any server. You can confirm this by generating a key with your network tab open - there is no request.
For the very highest assurance - production infrastructure, signing keys, anything long-lived - generating locally with ssh-keygen or inside CtrlOps remains the gold standard. This generator is ideal for learning, testing, and quick keys.
Which key type should you pick?
| Type | Notes |
|---|---|
| Ed25519 | The modern default - compact, fast, and very secure. Recommended for all new keys. |
| RSA 3072 / 4096 | Broadly compatible, including older servers. Use 3072 bits or more; never 1024. |
| ECDSA | Smaller than RSA, but Ed25519 is generally preferred over the NIST curves. |
| DSA | Obsolete and disabled in modern OpenSSH. Do not use it. |
Frequently asked questions
Related developer tools
Keep every key encrypted and in one place.
CtrlOps has a built-in SSH key management wizard - generate, store, and assign keys per server with AES-256 encryption at rest, all on your own machine. No more hunting for id_rsa across laptops.
✓ Start instantly·✓ No credit card·✓ No sneaky autorenewals

