Generate secure SSH key pairs directly in your browser for passwordless authentication to servers, Git repositories, and other SSH-based services. SSH key authentication is more secure than passwords, yet generating keys requires command-line tools that not all users are comfortable with. This tool generates Ed25519 (modern, secure, compact) and RSA key pairs (classic, compatible) entirely in your browser using the WebCrypto API, with no keys transmitted to external services. Generated keys are in standard OpenSSH format, immediately compatible with Unix/Linux servers, GitHub, GitLab, and other Git platforms. Calculate SHA-256 fingerprints for verifying key identity and preventing man-in-the-middle attacks. Includes setup instructions for adding public keys to servers, configuring SSH clients, and managing key permissions. The tool supports adding comments to keys for organization when managing multiple keys. Essential for developers, system administrators, and DevOps engineers setting up secure access across infrastructure.
Generate keys for passwordless login to servers, eliminating password-based attacks and improving security.
Create SSH keys for GitHub, GitLab, Bitbucket, and other Git platforms for secure repository access.
Set up passwordless access to development, production, and utility servers with SSH key authentication.
Generate keys for CI/CD systems to securely access repositories and deploy servers.
Use SSH keys with SCP and SFTP for secure file transfer without password entry or storage.
Enable automated scripts to securely access remote systems using key-based authentication.
The SSH (Secure Shell) protocol, developed by Tatu Ylonen in 1995 at the Helsinki University of Technology, was created to replace insecure remote access protocols like Telnet, rsh, and rlogin that transmitted data, including passwords, in plaintext. SSH provides encrypted communication channels over unsecured networks, and its key-based authentication mechanism eliminates the security vulnerabilities inherent in password-based login. The protocol has become the standard for remote server administration, secure file transfer, and Git repository access.
Asymmetric cryptography forms the foundation of SSH key authentication. A key pair consists of a private key (kept secret on the client machine) and a mathematically related public key (placed on servers in the ~/.ssh/authorized_keys file). During authentication, the server sends a random challenge encrypted with the user's public key. Only the holder of the corresponding private key can decrypt this challenge and prove their identity. This mechanism is immune to password brute-force attacks, credential stuffing, and keylogging because the private key never leaves the client machine and is never transmitted over the network.
Ed25519, introduced in OpenSSH 6.5 (2014), uses elliptic curve cryptography based on Curve25519, designed by Daniel J. Bernstein. Ed25519 keys are only 256 bits (32 bytes) yet provide security equivalent to approximately 3000-bit RSA keys. The algorithm is designed to be resistant to side-channel attacks, produces deterministic signatures (eliminating the catastrophic failure mode where a compromised random number generator leaks the private key), and is significantly faster than RSA for both key generation and signing operations. RSA keys, while older and more widely compatible, require much larger key sizes (2048-4096 bits) to achieve comparable security and are slower in both generation and authentication operations.
The key exchange process during SSH connection establishment uses a separate mechanism from user authentication. The Diffie-Hellman key exchange (or its elliptic curve variant, ECDH) allows client and server to derive a shared secret over an insecure channel without any prior shared keys. This shared secret is used to derive symmetric session keys for encrypting the connection. The server's host key, verified against the client's known_hosts file, authenticates the server's identity and prevents man-in-the-middle attacks. When connecting to a server for the first time, the client displays the server's key fingerprint (a SHA-256 hash of the public key) for manual verification, which is why managing and verifying key fingerprints is an important operational security practice.
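The fingerprint described above can be reproduced outside the browser. This is an added example, not this tool's code: it parses one OpenSSH public key line, checks that the key type stored inside the blob matches the line prefix, and returns the SHA-256 fingerprint. The sample key is constructed from placeholder bytes, and `read_string`, `fingerprint` and `sample_line` are names chosen for this example.

```python
import base64
import hashlib
import struct


def read_string(buf: bytes, offset: int) -> tuple[bytes, int]:
    """Read one RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[start:end], end


def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256:... fingerprint of one OpenSSH public key line."""
    parts = pubkey_line.strip().split(None, 2)  # type, base64 blob, optional comment
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob repeats the key type; a mismatch means the line was altered.
    inner_type, offset = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match the line prefix")
    if key_type == "ssh-ed25519":
        raw, offset = read_string(blob, offset)
        if len(raw) != 32 or offset != len(blob):
            raise ValueError("malformed Ed25519 key blob")
    # Only the decoded blob is hashed; the comment is not part of the fingerprint.
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the digest as unpadded base64.
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def sample_line(comment: str = "alice@example") -> str:
    """Constructed sample: 32 placeholder bytes, not a usable key."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    print(fingerprint(sample_line()))
```

For a real key file, the result should equal the `SHA256:` value printed by `ssh-keygen -lf` on the same file.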
Ed25519 is recommended for most uses. It's modern, fast, has small keys, and is highly secure. Use RSA only if you need compatibility with older systems.
The fingerprint is a short hash of your public key. Use it to verify you're connecting to the right server and that your key hasn't been modified.
For maximum security, encrypt your private key with a passphrase using ssh-keygen after downloading. This tool generates unencrypted keys for convenience.
All processing happens directly in your browser. Your files never leave your device and are never uploaded to any server.