What is the best SSH key algorithm to use in 2026?

ED25519 is the default for new SSH keys: fast, 256-bit (≈ RSA 3072 strength), short public keys, immune to RNG-quality issues, and supported by every modern server (OpenSSH 6.5+ from 2014). Use RSA 4096 only for legacy systems that don't accept ED25519. ECDSA only for FIPS compliance. Never generate DSA — it was removed entirely in OpenSSH 9.8 (2024).

How do I convert an OpenSSH or PEM key to PuTTY .ppk format?

Use the 'Convert your own key to .ppk' section on this page: paste your OpenSSH or PEM private key, enter the passphrase if it's encrypted, click Convert. The .ppk appears with Copy and Download buttons. No need to install PuTTYgen — the conversion runs server-side. Works for ED25519, RSA, ECDSA, and DSA keys.

Do I need to install PuTTY or PuTTYgen to get a .ppk file?

No. Tick the 'Also produce .ppk for PuTTY / WinSCP / Pageant' checkbox before generating — you'll get both the OpenSSH key (.pem / .pub) and the PuTTY .ppk file in a single response. If you already have a key, use the Convert section to transform it. ED25519 .ppk files require PuTTY 0.78+ to open; for older PuTTY versions, generate an RSA 4096 key instead.

How do I add my SSH key to GitHub, GitLab, AWS EC2, or Azure?

Generate your key above and copy the public key (starts with ssh-ed25519, ssh-rsa, ecdsa-sha2-*). GitHub: Settings → SSH and GPG keys → New SSH key. GitLab: Preferences → SSH Keys → Add new key. Bitbucket: Personal settings → SSH keys → Add key. AWS EC2: import the key pair in the EC2 console or use ssh-copy-id once you can reach the instance. Azure: Networking → Public SSH key during provisioning, or run az vm user update.

Should I use a passphrase for my SSH private key?

Yes. A passphrase encrypts the private key on disk so a stolen file alone can't be used to authenticate. Use ssh-agent (ssh-add ~/.ssh/id_ed25519) so you only type it once per session. On macOS, ssh-add --apple-use-keychain persists across reboots. On this tool, the same passphrase is applied uniformly to the OpenSSH key, the PEM, and the PPK — so any format works with the password you choose.

Is this SSH key generator safe — are keys stored or logged?

Keys are generated server-side using cryptographically secure random number generation (CSRNG), returned to your browser over HTTPS, and never persisted to disk or logs on our infrastructure. For maximum trust with highly sensitive applications, generate keys offline with ssh-keygen on your own machine. Private key material is also never sent to the built-in AI assistant — only public-key metadata (algorithm, fingerprint) is shown to it.

Free SSH Key Generator & PuTTY .ppk Con...

SSH Key Configuration

Algorithm

🛡 ED25519 Best 🔐 RSA Common 📈 ECDSA EC ⚠ DSA Deprecated

Key Size

Fixed 256-bit (≈ RSA 3072)

Passphrase (optional)

Also produce .ppk for PuTTY / WinSCP / Pageant

Note: ED25519 .ppk files require PuTTY 0.78+ (Oct 2022) to open. For older PuTTY, generate an RSA 4096 key instead.

⇄ Convert your own key to .ppk already have an OpenSSH / PEM key?

Generated Keys

Ready

Your SSH keys will appear here

Select algorithm, key size, and click "Generate SSH Keys"

Bash Executor

How to Generate an SSH Key

1 Select algorithm (ED25519 or RSA) and key size above

2 Click Generate SSH Keys

3 Copy your public key or download .pem/.pub files

4 Add public key to GitHub, GitLab, AWS, or ~/.ssh/authorized_keys

Use for GitHub, GitLab, AWS, Azure

GitHub – Settings → SSH and GPG keys → New SSH key → paste public key

GitLab – Preferences → SSH Keys → paste public key

AWS EC2 – Paste public key when creating a key pair, or import to existing instance

Azure – Use public key when creating Linux VM, or add to ~/.ssh/authorized_keys

Documentation

What is SSH?

SSH (Secure Shell) is a cryptographic network protocol for secure remote login, command execution, and file transfer. SSH keys replace passwords with asymmetric key pairs: a private key (kept secret) and a public key (shared with servers).

When you connect, the server verifies your identity using the public key. The private key never leaves your machine (or this tool’s secure generation flow).

Key Algorithms: ED25519, RSA, ECDSA, DSA

ED25519 (recommended) – 256-bit elliptic curve. Fast, small, secure. Use for new keys.
RSA – 1024/2048/4096-bit. Widely supported; prefer 2048+ bits. 4096 for higher security.
ECDSA – P-256, P-384, P-521. Good balance of size and security.
DSA – Deprecated. Avoid for new keys.

Using ssh-keygen (command line)

# ED25519 (recommended)
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519 -N ""

# RSA 4096
ssh-keygen -t rsa -b 4096 -C "[email protected]" -f ~/.ssh/id_rsa -N ""

# Display fingerprint
ssh-keygen -lf ~/.ssh/id_ed25519.pub

Use the ssh-keygen & test tab above to run these in the browser.

Example: Full private key and public key content

ED25519 public key (single line, share this):

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGW7zkzy1o3jU8+7VqQK8xXj3H5n2pL8qR9sT0uV1wX [email protected]

ED25519 private key (keep secret, multi-line OpenSSH format):

RSA 2048 public key (single line):

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD...longerBase64...== [email protected]

RSA private key (PEM format, typically 27+ lines for 2048-bit):

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcnNh
AAAAAwEAAQAAAYEA3...base64 continues for many lines...
-----END OPENSSH PRIVATE KEY-----

Generate your own keys above to see real output. Never share your private key.

Deploying keys: ssh-copy-id and authorized_keys

# Copy public key to server (easiest)
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@hostname

# Or manually: append public key to
~/.ssh/authorized_keys

After deploying, connect with ssh user@hostname. No password required.

Security best practices

Never share your private key. Only share the public key.
Use a passphrase for the private key and rely on ssh-agent during sessions.
Verify server fingerprints on first connection to avoid MITM attacks.
Prefer ED25519 or RSA 2048+ for new keys.
Store private keys with restricted permissions: chmod 600 ~/.ssh/id_*.

Frequently Asked Questions

What is the most secure SSH key algorithm?

ED25519 is recommended for new SSH keys. It offers 128-bit security (equivalent to RSA 3072-bit), faster operations, smaller key sizes, and resistance to timing attacks. RSA 4096-bit is a solid alternative for compatibility.

Should I use a passphrase for my SSH key?

Yes. A passphrase adds an extra layer of encryption to your private key. Use ssh-agent to avoid typing it repeatedly during active sessions.

How do I copy my SSH public key to a server?

Use ssh-copy-id: ssh-copy-id -i ~/.ssh/id_ed25519.pub user@hostname. Or manually append your public key to ~/.ssh/authorized_keys on the server.

What is an SSH key fingerprint?

The fingerprint is a short hash (e.g. SHA256:...) of your public key. Use ssh-keygen -lf ~/.ssh/id_ed25519.pub to display it. Verify fingerprints when connecting to new servers.

How do I download my SSH keys?

After generating keys, click "Download .pem" for the private key or "Download .pub" for the public key. Files are saved with algorithm-specific names (id_ed25519, id_rsa, etc.).

How do I add my SSH key to GitHub?

Generate your key above, then copy the public key. In GitHub: Settings → SSH and GPG keys → New SSH key → paste the key and save. Use the same key for GitLab, Bitbucket, and SSH servers.

About This SSH Key Tool & Methodology

This SSH key generator produces OpenSSH-format key pairs using standard algorithms (ED25519, RSA, ECDSA, DSA). Key generation runs on our secure server using industry-standard Java cryptography; the private key is transmitted over HTTPS only when you request it, and we do not log or store any keys. For fully client-side generation, use the ssh-keygen & test Bash tab to run ssh-keygen in your browser.

Authorship & Expertise

Author: Anish Nath
Background: Security and PKI tools for developers
Standards: OpenSSH format, RFC 4253, RFC 8709 (Ed25519)

Trust & Privacy

Privacy: Keys are never stored or logged on our servers
HTTPS: All traffic encrypted; keys transmitted only when displayed
Support: @anish2good

Menu

⭐ Popular Tools

🕒 Recently Used

📁 All Categories

Quick Links

Support

SSH Key Generator

Generated Keys

Your SSH keys will appear here

Bash Executor

How to Generate an SSH Key

Use for GitHub, GitLab, AWS, Azure

Documentation

Frequently Asked Questions

What is the most secure SSH key algorithm?

Should I use a passphrase for my SSH key?

How do I copy my SSH public key to a server?

What is an SSH key fingerprint?

How do I download my SSH keys?

How do I add my SSH key to GitHub?

About This SSH Key Tool & Methodology

Authorship & Expertise

Trust & Privacy

Support This Free Tool

Generated Keys

Your SSH keys will appear here

Bash Executor

How to Generate an SSH Key

Use for GitHub, GitLab, AWS, Azure

Documentation

Frequently Asked Questions

What is the most secure SSH key algorithm?

Should I use a passphrase for my SSH key?

How do I copy my SSH public key to a server?

What is an SSH key fingerprint?

How do I download my SSH keys?

How do I add my SSH key to GitHub?

Related Tools

About This SSH Key Tool & Methodology

Authorship & Expertise

Trust & Privacy

Support This Free Tool