SSH Key Generator
Generate RSA (2048/4096-bit) key pairs in your browser using Web Crypto API. Keys are generated client-side and never transmitted.
~/.ssh/authorized_keys on your serverWhat is an SSH Key Generator?
An SSH key generator creates a cryptographic key pair — a public key and a private key — used to authenticate with remote servers, Git hosting platforms, and cloud infrastructure without passwords. SSH (Secure Shell) is the standard protocol for encrypted remote access in DevOps and system administration. Key-based authentication is preferred over password authentication because it is immune to brute-force attacks, does not transmit secrets over the network, and can be easily revoked on a per-key basis without changing a shared password.
The tool generates RSA key pairs (2048-bit or 4096-bit) entirely in your browser using the Web Crypto API — the same cryptographic subsystem used by password managers and banking applications. The private key is computed locally and never transmitted to any server; it is displayed only once and is gone when you close the page. RSA is the most widely supported SSH key type and works with every major SSH server, Git platform, and cloud provider that accepts SSH authentication.
When to Use This Tool
- New server setup: Generate a key pair to use for initial SSH access when provisioning a new VPS or cloud VM, and add the public key during the instance creation wizard.
- GitHub / GitLab authentication: Generate a key pair to authenticate Git operations over SSH instead of using personal access tokens, then add the public key to your account's SSH keys settings.
- CI/CD pipeline access: Generate a dedicated deployment key pair for a CI/CD system to clone private repositories or deploy to servers, keeping the deploy key separate from personal keys.
- Quick key generation without ssh-keygen installed: On machines where you do not have a terminal or the ssh-keygen command available, use this browser-based tool as a convenient substitute.
How It Works
The tool uses crypto.subtle.generateKey() from the Web Crypto API to generate an RSA-OAEP key pair with a 65537 public exponent and SHA-256 hashing. The key pair is exported using the SPKI format for the public key and PKCS#8 format for the private key, then Base64-encoded with PEM headers (-----BEGIN PUBLIC KEY----- and -----BEGIN PRIVATE KEY-----) for compatibility with standard SSH tooling. All computation happens in the browser's JavaScript sandbox — no network requests are made and no data leaves your device.
Frequently Asked Questions
What key type should I use — RSA 2048 or RSA 4096?
RSA 4096-bit keys provide a higher security margin and are the recommended choice for keys that will protect long-lived access to important infrastructure. The computational cost of RSA 4096 is higher than 2048-bit, but for interactive SSH sessions this difference is imperceptible. RSA 2048-bit is considered secure by current standards and is appropriate for short-lived keys or high-throughput automation where authentication speed matters. Both options are widely supported by all major SSH servers and Git platforms.
Is it safe to generate SSH keys in a browser?
This tool uses the Web Crypto API, a cryptographically secure subsystem built into modern browsers and subject to the same security review as password managers and online banking applications. Key generation happens entirely in your browser process and no data is transmitted over the network. That said, for the highest-security use cases — keys protecting production databases or root access to critical infrastructure — generating keys directly on the target server or a dedicated air-gapped workstation eliminates any concern about the browser environment.
How do I add my public key to a server or GitHub?
To authenticate with a Linux server, copy the public key text and append it to the file ~/.ssh/authorized_keys on the remote host — one key per line. The ~/.ssh directory must have permissions 700 and authorized_keys must have permissions 600, otherwise the SSH daemon will refuse to use it. You can also use ssh-copy-id -i pubkey.pub user@server if you have temporary password access. For GitHub or GitLab, paste the public key into your account settings under "SSH Keys" — the platform uses it to verify your identity during git clone and git push operations.