SSH Key Generator

SSH (Secure Shell) key pairs provide cryptographic authentication for remote server access, Git operations, and secure file transfers. A key pair consists of a private key (kept secret on your local machine) and a public key (shared with servers you want to access). When you connect to a server, it challenges your client to prove it possesses the private key corresponding to the authorized public key — without ever transmitting the private key. SSH key algorithms include: RSA (the traditional standard, recommended minimum 4096 bits), Ed25519 (modern elliptic curve algorithm, shorter keys with equivalent security, faster operations), and ECDSA (elliptic curve, various key sizes). Ed25519 is the recommended choice for new keys — it provides strong security with compact 256-bit keys and fast signature generation. The AllTools SSH Key Generator creates key pairs using the Web Crypto API in the browser. Your private key is generated and displayed locally — it is never transmitted to any server, which is fundamentally important because the private key is the sole credential protecting your server access. Copy the private key to your ~/.ssh/ directory and add the public key to your server's authorized_keys file.

Proper SSH key management is essential for maintaining security across your infrastructure. Use separate key pairs for different purposes — a key for personal GitHub access, another for production server access, and another for CI/CD systems. This isolation limits blast radius if any single key is compromised. Protect private keys with passphrases — while passwordless keys are convenient, a passphrase-protected key adds a second factor (something you have plus something you know). Use ssh-agent to cache decrypted keys so you only enter the passphrase once per session. Set restrictive file permissions: chmod 600 for private keys and chmod 644 for public keys — SSH refuses to use private keys with overly permissive permissions. Rotate keys periodically — remove old public keys from authorized_keys when they are no longer needed. For organizations, use SSH certificate-based authentication managed by a Certificate Authority rather than distributing individual public keys. GitHub and GitLab support deploy keys (read-only or read-write SSH keys scoped to a single repository) for CI/CD pipelines, providing more granular access than personal SSH keys. The AllTools generator creates the key pair — you manage the deployment and lifecycle.