SECURITY TOOL

SSH Key Generator

Generate Ed25519 and ECDSA SSH key pairs with fingerprint display. Understand key types, authentication flow, and SSH security best practices.

Ed25519 (recommended): fastest, smallest keys (256-bit), and the fewest implementation pitfalls. Supported by OpenSSH 6.5+.

This generates demonstration key pairs using the Web Crypto API (ECDSA P-256). For production SSH keys, use ssh-keygen on your terminal.


SSH Keys: Password-Free Server Authentication

How SSH Key Authentication Works

When you connect, the client and server first run a key exchange that produces a fresh session key and a unique session identifier. To authenticate, your SSH client uses your private key, which never leaves your machine, to sign a message containing that session identifier, the account name you are logging into and your public key. The server looks the public key up in ~/.ssh/authorized_keys for that account and verifies the signature. No password crosses the wire, and because the signature is bound to this session it cannot be replayed into another connection. An attacker who records the traffic learns nothing that lets them impersonate you; only the private key file does that.

Ed25519: The Modern Choice

Ed25519 is the Edwards-curve signature scheme built on Curve25519, designed by Daniel J. Bernstein and colleagues. Its raw public key is always 256 bits (32 bytes, or 68 Base64 characters once wrapped in the ssh-ed25519 wire format used in authorized_keys), yet it offers about 128 bits of security, the same level as RSA-3072. Signing is deterministic: the nonce is derived from the private key and the message rather than from a random number generator, which removes the nonce-reuse failure that has leaked ECDSA and DSA private keys in the past. It is fast (tens of thousands of signatures per second on one CPU core), and the reference implementations run in constant time, avoiding the timing side channels that have affected other curve implementations. GitHub and GitLab use Ed25519 as the default key type in their setup guides, and the major cloud providers and SSH implementations accept it.
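The authentication flow from the previous section and the deterministic-signature property just described, worked through as an added example; this is not code from the tool on this page or from OpenSSH. It is a self-contained Go program using only the standard library. The session identifier is a stand-in for the real exchange hash, the Server type with its authorized map is an assumption standing in for sshd and ~/.ssh/authorized_keys, and the signed message follows the publickey request layout of RFC 4252 section 7.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// sshString encodes a byte string the way the SSH wire protocol does
// (RFC 4251): big-endian uint32 length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// authRequestToSign builds the data a client signs for "publickey"
// authentication (RFC 4252 section 7). It starts with the session
// identifier, the exchange hash from this connection's key exchange, so the
// signature is bound to this session and is useless if replayed elsewhere.
func authRequestToSign(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	keyBlob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...)
	var m bytes.Buffer
	m.Write(sshString(sessionID))
	m.WriteByte(50) // SSH_MSG_USERAUTH_REQUEST
	m.Write(sshString([]byte(user)))
	m.Write(sshString([]byte("ssh-connection")))
	m.Write(sshString([]byte("publickey")))
	m.WriteByte(1) // TRUE: a signature is present
	m.Write(sshString([]byte("ssh-ed25519")))
	m.Write(sshString(keyBlob))
	return m.Bytes()
}

// clientSign is the client side: only the client holds priv, and only the
// resulting signature goes over the wire.
func clientSign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	pub := priv.Public().(ed25519.PublicKey)
	return ed25519.Sign(priv, authRequestToSign(sessionID, user, pub))
}

// Server models sshd with one ~/.ssh/authorized_keys list per account
// (an assumption for the demo, not sshd's real data structure).
type Server struct {
	authorized map[string][]ed25519.PublicKey
}

// Authenticate is the server side: the offered key must be listed for the
// account, and the signature must verify over *this* session's request.
func (s *Server) Authenticate(sessionID []byte, user string, pub ed25519.PublicKey, sig []byte) bool {
	for _, k := range s.authorized[user] {
		if k.Equal(pub) {
			return ed25519.Verify(k, authRequestToSign(sessionID, user, pub), sig)
		}
	}
	return false
}

// newSessionID stands in for the exchange hash H that the real key exchange
// produces; what matters here is that every connection gets a fresh one.
func newSessionID() []byte {
	seed := make([]byte, 32)
	if _, err := rand.Read(seed); err != nil {
		panic(err)
	}
	h := sha256.Sum256(seed)
	return h[:]
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	srv := &Server{authorized: map[string][]ed25519.PublicKey{"alice": {pub}}}

	sess := newSessionID()
	sig := clientSign(priv, sess, "alice")
	fmt.Println("correct session, listed key:   ", srv.Authenticate(sess, "alice", pub, sig))
	fmt.Println("same signature, other session: ", srv.Authenticate(newSessionID(), "alice", pub, sig))
	fmt.Println("same signature, other account: ", srv.Authenticate(sess, "bob", pub, sig))
	// Ed25519 derives its nonce from the key and message, so signing the
	// same request twice yields byte-identical signatures.
	fmt.Println("deterministic signature:       ", bytes.Equal(sig, clientSign(priv, sess, "alice")))
}
```

The replay check is the part worth noticing: the same 64-byte signature that authenticates one session is rejected in the next, which is why a passive recording of an SSH login is worthless to an attacker even though the signature itself is public.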

SSH Key Best Practices

1) Always protect private keys with a passphrase. ssh-keygen -t ed25519 -C "email" prompts for one; do not leave it empty, since an unencrypted key file is usable by anyone who copies it.
2) Use ssh-agent (ssh-add) to cache the decrypted key in memory, so you type the passphrase only once per session. Do not forward the agent (ForwardAgent) to hosts you do not fully trust.
3) Set file permissions: chmod 700 ~/.ssh and chmod 600 ~/.ssh/id_ed25519. ssh ignores a private key that is readable by other users and warns about it.
4) Use a separate key per device. If a laptop is compromised, remove only that key from authorized_keys and leave the others in place.
5) Rotate keys on a schedule (annually is a common baseline). Raw keys carry no expiry of their own: set one per key with the expiry-time="YYYYMMDD" option in authorized_keys (newer OpenSSH releases), or move to SSH certificates, which carry a validity interval set with ssh-keygen -V when the CA signs them.
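The audit a practitioner would run against items 1 and 3 above (passphrase protection and file permissions), as an added Go example that is not code from this page or from OpenSSH. It reads only the header of the openssh-key-v1 private key format, where the cipher name is "none" for a key saved without a passphrase and typically "aes256-ctr" with the "bcrypt" KDF otherwise; the sample files it writes are constructed header-only stand-ins, not loadable keys.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

const opensshMagic = "openssh-key-v1\x00"

// KeyProtection is what the header of an openssh-key-v1 file reveals.
type KeyProtection struct {
	Cipher    string // "none" for an unencrypted key, "aes256-ctr" for a typical protected one
	KDF       string // "none" or "bcrypt"
	Encrypted bool
}

// readString takes one SSH string (uint32 length + bytes) off the front of b.
func readString(b []byte) (string, []byte, error) {
	if len(b) < 4 {
		return "", nil, errors.New("truncated header")
	}
	n := binary.BigEndian.Uint32(b)
	if uint64(n) > uint64(len(b)-4) {
		return "", nil, errors.New("string length exceeds buffer")
	}
	return string(b[4 : 4+n]), b[4+n:], nil
}

// inspectOpenSSHPrivateKey parses only the header (magic, cipher, KDF); it
// never decrypts or even reaches the key material.
func inspectOpenSSHPrivateKey(pemData []byte) (KeyProtection, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "OPENSSH PRIVATE KEY" {
		return KeyProtection{}, errors.New("not an OPENSSH PRIVATE KEY block")
	}
	if !bytes.HasPrefix(block.Bytes, []byte(opensshMagic)) {
		return KeyProtection{}, errors.New("bad openssh-key-v1 magic")
	}
	cipher, rest, err := readString(block.Bytes[len(opensshMagic):])
	if err != nil {
		return KeyProtection{}, err
	}
	kdf, _, err := readString(rest)
	if err != nil {
		return KeyProtection{}, err
	}
	return KeyProtection{Cipher: cipher, KDF: kdf, Encrypted: cipher != "none"}, nil
}

// auditKeyFile checks the two properties from the list above: the file must
// not be readable by group or others, and the key must be encrypted.
func auditKeyFile(path string) ([]string, error) {
	var findings []string
	info, err := os.Stat(path)
	if err != nil {
		return nil, err
	}
	if perm := uint32(info.Mode().Perm()); perm&0o077 != 0 {
		findings = append(findings, fmt.Sprintf("%s: mode %04o is group/world accessible (want 0600)", filepath.Base(path), perm))
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	p, err := inspectOpenSSHPrivateKey(data)
	if err != nil {
		return nil, err
	}
	if !p.Encrypted {
		findings = append(findings, filepath.Base(path)+": no passphrase (cipher \"none\")")
	}
	return findings, nil
}

// constructedKeyFile fabricates a header-only file for this demo. It is not a
// loadable key (public and private sections are empty); real files come from
// ssh-keygen, and only their header layout is reproduced here.
func constructedKeyFile(cipher, kdf string) []byte {
	str := func(s string) []byte {
		out := make([]byte, 4, 4+len(s))
		binary.BigEndian.PutUint32(out, uint32(len(s)))
		return append(out, s...)
	}
	var body bytes.Buffer
	body.WriteString(opensshMagic)
	body.Write(str(cipher))
	body.Write(str(kdf))
	body.Write(str(""))            // kdfoptions: salt and rounds when the KDF is bcrypt
	body.Write([]byte{0, 0, 0, 1}) // number of keys
	body.Write(str(""))            // public key blob
	body.Write(str(""))            // private section
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: body.Bytes()})
}

func main() {
	dir, err := os.MkdirTemp("", "sshaudit")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	for _, k := range []struct {
		name, cipher, kdf string
		mode              os.FileMode
	}{
		{"id_ed25519", "none", "none", 0o644},              // the bad case
		{"id_ed25519_work", "aes256-ctr", "bcrypt", 0o600}, // the good case
	} {
		path := filepath.Join(dir, k.name)
		os.WriteFile(path, constructedKeyFile(k.cipher, k.kdf), k.mode)
		os.Chmod(path, k.mode) // apply the mode regardless of umask
		findings, err := auditKeyFile(path)
		fmt.Println(k.name, "findings:", findings, err)
	}
}
```

Pointed at a real ~/.ssh directory, the same check flags every key ssh-keygen wrote with an empty passphrase, which is a faster and more reliable inventory than asking each owner.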

The Fingerprint

The fingerprint is the SHA-256 hash of the public key in its SSH wire encoding (the Base64 blob from authorized_keys), shown as unpadded Base64 with a SHA256: prefix; ssh-keygen -lf prints it for any key file. On the first connection to a server, SSH shows the host key fingerprint and asks you to confirm it, then records the key in ~/.ssh/known_hosts. This is the defence against man-in-the-middle attacks, and it only works if you check the value out of band rather than typing "yes" by reflex. If the host key later changes unexpectedly, SSH refuses to connect with a loud warning: either the host was reinstalled or someone is intercepting the connection. Services such as GitHub publish their host key fingerprints so you can verify them before connecting.
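Computing the fingerprint exactly as ssh-keygen -lf does, as an added Go example that is not code from this page or from OpenSSH. It builds the 51-byte ssh-ed25519 wire blob (which is where the 68 Base64 characters of an authorized_keys entry come from), parses a key back out of an authorized_keys or known_hosts line, and hashes it. The GitHub host key embedded as sample input is the one GitHub publishes on its SSH key fingerprints page at the time of writing; the generated key and comment are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// wireBlob is the public key exactly as it is Base64-encoded in
// authorized_keys and known_hosts: string("ssh-ed25519") followed by
// string(32 raw key bytes), each length-prefixed with a big-endian uint32.
// That is 4+11+4+32 = 51 bytes, which Base64 renders as 68 characters.
func wireBlob(pub ed25519.PublicKey) []byte {
	str := func(b []byte) []byte {
		out := make([]byte, 4, 4+len(b))
		binary.BigEndian.PutUint32(out, uint32(len(b)))
		return append(out, b...)
	}
	return append(str([]byte("ssh-ed25519")), str(pub)...)
}

// authorizedKeysLine renders the one-line form that sshd reads.
func authorizedKeysLine(pub ed25519.PublicKey, comment string) string {
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(wireBlob(pub)) + " " + comment
}

// parseAuthorizedKeysLine recovers the wire blob from an authorized_keys or
// known_hosts line; a leading hostname or simple options are skipped over.
func parseAuthorizedKeysLine(line string) ([]byte, error) {
	fields := strings.Fields(line)
	for i, f := range fields {
		if f != "ssh-ed25519" || i+1 >= len(fields) {
			continue
		}
		blob, err := base64.StdEncoding.DecodeString(fields[i+1])
		if err != nil {
			return nil, err
		}
		if len(blob) != 51 || string(blob[4:15]) != "ssh-ed25519" || binary.BigEndian.Uint32(blob[15:19]) != 32 {
			return nil, errors.New("malformed ssh-ed25519 key blob")
		}
		return blob, nil
	}
	return nil, errors.New("no ssh-ed25519 key on this line")
}

// fingerprintSHA256 is what ssh-keygen -lf prints: SHA-256 over the wire
// blob, Base64 without padding, prefixed with "SHA256:".
func fingerprintSHA256(blob []byte) string {
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// fingerprintMD5 is the legacy form (ssh-keygen -E md5 -lf) that older tools
// and documentation still show. MD5 is too weak for new use.
func fingerprintMD5(blob []byte) string {
	sum := md5.Sum(blob)
	hex := make([]string, len(sum))
	for i, b := range sum {
		hex[i] = fmt.Sprintf("%02x", b)
	}
	return "MD5:" + strings.Join(hex, ":")
}

// GitHub's published Ed25519 host key, as listed at
// https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
// at the time of writing; always re-check against the current page.
const githubEd25519HostKey = "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"

func main() {
	blob, err := parseAuthorizedKeysLine(githubEd25519HostKey)
	if err != nil {
		panic(err)
	}
	fmt.Println("github.com:", fingerprintSHA256(blob)) // compare with GitHub's published value

	pub, _, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key
	line := authorizedKeysLine(pub, "alice@laptop")
	fmt.Println(line)
	fmt.Println("key field length:", len(strings.Fields(line)[1])) // 68
	fmt.Println(fingerprintSHA256(wireBlob(pub)))
	fmt.Println(fingerprintMD5(wireBlob(pub)))
}
```

To cross-check against OpenSSH, paste the printed authorized_keys line into a file and run ssh-keygen -lf on it; the SHA256: value must match, and ssh-keygen -E md5 -lf gives the colon form.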

Frequently Asked Questions

Should I use Ed25519 or ECDSA?

Ed25519 is recommended for all new keys. It is faster, has smaller keys, is deterministic (no per-signature random nonce, so a weak random number generator cannot leak the private key), and was designed to resist timing side channels. Use ECDSA P-256 only where you need compatibility: environments still bound to FIPS 186-4 (FIPS 186-5 added EdDSA), older hardware tokens, or OpenSSH versions before 6.5.

Why shouldn't I use RSA for SSH anymore?

RSA SSH keys are still secure at adequate sizes, but they are larger (a 3072-bit RSA public key is 544 Base64 characters versus 68 for Ed25519), slower to generate and sign with, and have a longer history of implementation mistakes. OpenSSH 8.8 (2021) disabled the ssh-rsa signature algorithm by default because it uses SHA-1; RSA keys themselves still work, provided both sides negotiate rsa-sha2-256 or rsa-sha2-512 signatures. If you must use RSA, generate at least 3072-bit keys (ssh-keygen -t rsa -b 3072) and upgrade peers that are stuck on ssh-rsa rather than re-enabling the SHA-1 scheme.

What is an SSH certificate vs a key?

An SSH certificate is a public key plus metadata (an identity, the principals it may log in as, a validity interval and optional restrictions), signed by a Certificate Authority with ssh-keygen -s. The server is configured to trust the CA's public key (TrustedUserCAKeys in sshd_config) rather than each user's key, so nothing has to be added to authorized_keys when people or hosts come and go; the server checks the CA signature, the validity window, and that the requested account is one of the certificate's principals. Because certificates expire on their own, issuing short-lived ones (hours, not years) replaces manual key rotation and cleanup, which is why this scales much better for organizations with many servers and users. Host certificates work the same way in the other direction, letting clients verify servers through the CA instead of per-host known_hosts entries.
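The certificate trust model described above, as an added example that is neither OpenSSH's code nor the tool on this page: a simplified Go model of a user certificate with the CA's signing step and the server-side checks. The field set and the to-be-signed encoding are assumptions for illustration; the real ssh-ed25519-cert-v01@openssh.com format carries more fields and its own encoding (golang.org/x/crypto/ssh implements it), but the trust decisions are the same. Proof that the client holds the certified private key is the same signed-request exchange used for a raw key and is not repeated here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Certificate is a simplified model of an OpenSSH user certificate: the CA
// vouches for a public key, the principals (account names) it may log in
// as, and a validity window. Field set and encoding are demo assumptions.
type Certificate struct {
	Key         ed25519.PublicKey
	Principals  []string
	ValidAfter  time.Time
	ValidBefore time.Time
	Signature   []byte // CA signature over tbs()
}

func sshStr(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// tbs is the to-be-signed encoding. Every field the server later relies on
// must be covered, otherwise a holder could edit it after issuance.
func (c *Certificate) tbs() []byte {
	m := sshStr(c.Key)
	for _, p := range c.Principals {
		m = append(m, sshStr([]byte(p))...)
	}
	var ts [16]byte
	binary.BigEndian.PutUint64(ts[:8], uint64(c.ValidAfter.Unix()))
	binary.BigEndian.PutUint64(ts[8:], uint64(c.ValidBefore.Unix()))
	return append(m, ts[:]...)
}

// Issue is the CA step (what ssh-keygen -s ca_key -I id -n principals -V window does).
func Issue(ca ed25519.PrivateKey, user ed25519.PublicKey, principals []string, now time.Time, ttl time.Duration) *Certificate {
	c := &Certificate{Key: user, Principals: principals, ValidAfter: now, ValidBefore: now.Add(ttl)}
	c.Signature = ed25519.Sign(ca, c.tbs())
	return c
}

// Server trusts one CA (sshd_config: TrustedUserCAKeys) and keeps no
// per-user authorized_keys at all.
type Server struct{ TrustedCA ed25519.PublicKey }

// Authorize decides whether this certificate permits a login as account at
// time now: CA signature first, then validity window, then principal.
func (s *Server) Authorize(c *Certificate, account string, now time.Time) error {
	if !ed25519.Verify(s.TrustedCA, c.tbs(), c.Signature) {
		return errors.New("certificate not signed by the trusted CA")
	}
	if now.Before(c.ValidAfter) || !now.Before(c.ValidBefore) {
		return errors.New("certificate outside its validity window")
	}
	for _, p := range c.Principals {
		if p == account {
			return nil
		}
	}
	return errors.New("account is not a principal of this certificate")
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, _, _ := ed25519.GenerateKey(rand.Reader)
	srv := &Server{TrustedCA: caPub}
	now := time.Now()

	// The server has never seen userPub; the CA signature is all it needs.
	cert := Issue(caPriv, userPub, []string{"alice", "deploy"}, now, 8*time.Hour)
	fmt.Println("alice now:      ", srv.Authorize(cert, "alice", now))
	fmt.Println("root now:       ", srv.Authorize(cert, "root", now))
	fmt.Println("alice tomorrow: ", srv.Authorize(cert, "alice", now.Add(24*time.Hour)))

	// A holder who adds a principal after issuance breaks the CA signature.
	tampered := *cert
	tampered.Principals = append([]string{"root"}, cert.Principals...)
	fmt.Println("tampered cert:  ", srv.Authorize(&tampered, "root", now))
}
```

The order of the checks matters in practice too: the signature is verified before any field is trusted, so the principal list and validity window are only consulted once they are known to be the CA's words rather than the holder's.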