How to Generate SSH Key Pairs for Secure Server Access

How to Generate SSH Key Pairs for Secure Server Access

SSH keys are the standard way to authenticate with remote servers. They are more secure than passwords โ€” a 2048-bit RSA key is practically unbreakable by brute force โ€” and more convenient because you do not type a password every time you connect. Generating keys is the first step to setting up any server.

RSA vs. ECDSA

The ToolStand SSH Key Generator supports two key types: RSA (2048 or 4096 bit) โ€” the most widely compatible key type, supported by every SSH server. ECDSA (256 or 384 bit) โ€” newer elliptic curve keys that are smaller and faster while providing equivalent security. Use RSA for maximum compatibility, ECDSA for modern systems where supported.

Generating and using keys

Click Generate to create a key pair. The generator produces a public key (safe to share, goes on servers) and a private key (keep secret, stays on your machine) in PEM format. Copy the public key to your server authorized_keys file. Keep the private key in ~/.ssh/ with permissions set to 600 (read/write for owner only). Never share your private key โ€” anyone with it can access your servers.

Security best practices

Generate keys in your browser using crypto.subtle.generateKey() โ€” the private key material is handled securely and never transmitted. Use a passphrase to protect your private key. Rotate keys periodically (every 6-12 months). Use different keys for different servers or environments. Revoke keys immediately if a device is lost or compromised.

Explore all 109 free tools at toolstand.io. Free, forever. No sign-up. No download. Just tools that work.