Generate an SSH key online using this free, browser-based tool that runs entirely client-side. Your private key is created locally and never transmitted to any server. Choose your key type and bit length, then download or copy both keys. No signup or installation needed, making this useful for quick key generation during onboarding or CI setup.
The SSH Key Generator creates RSA and ECDSA public/private key pairs directly in your browser using the Web Crypto API. SSH key pairs are the standard authentication method for connecting to Linux servers, GitHub, GitLab, Bitbucket, and cloud infrastructure from AWS EC2 to DigitalOcean droplets without using passwords. This generator supports RSA-2048, RSA-4096, ECDSA P-256, and ECDSA P-384. The private key is never transmitted to any server: all cryptography runs locally in your browser and the key exists only in your current session. Keys are exported in PEM format, compatible with OpenSSH, PuTTY, the GitHub and GitLab web interfaces, and all major SSH clients. After generating, save the private key to your ~/.ssh/ directory and add the public key to the authorized_keys file on your server or the SSH keys section of your Git hosting account.
SSH key pairs are the standard authentication method for remote server access, Git hosting services, and automated deployment pipelines. A key pair consists of a private key kept secret on your local machine and a public key added to the server or service. This tool generates RSA (2048 or 4096-bit) and ECDSA (P-256 or P-384) pairs entirely in your browser using the Web Crypto API. The private key is never transmitted and exists only in your browser session. RSA-4096 offers maximum compatibility with older systems and tools that predate elliptic curve support. ECDSA P-256 and P-384 use elliptic curve cryptography, which provides equivalent security to RSA but with much shorter key lengths, faster key generation, and smaller authentication signatures. For most modern use cases (GitHub, recent Linux servers, AWS), ECDSA P-256 is the recommended choice. After downloading the private key, set its permissions to 600 with chmod 600 ~/.ssh/id_ecdsa so that OpenSSH accepts it (it refuses keys readable by other users as a security measure). For team infrastructure, consider using separate keys for different purposes: one key for GitHub, another for production servers, another for CI/CD systems. This limits the blast radius if one private key is ever compromised.