Free Tool

Build an ssh-keygen command

Configure the options and copy a ready-to-run ssh-keygen command. You run it locally, so your private key is created on your machine and never touches this page.

Runs entirely in your browser. Nothing you paste or generate is uploaded.

Higher values make a stolen, passphrase-protected key slower to brute force.

Your command

Run this in your terminal. ssh-keygen will prompt for a passphrase — set a strong one. Your public key will be saved alongside the private key with a .pub extension.

After you generate a key

Add the public key (the .pub file) to the systems you need to reach. With GrantSSH, you upload that public key once and access is granted or revoked centrally — no manual editing of authorized_keys on each server.

Want to confirm the new key first? Paste the .pub contents into the public key inspector.

Frequently asked questions

Why not generate the key here?
Best practice is to create private keys on the machine that will use them, where you control the environment. This tool gives you the exact command to do that.
Which algorithm should I choose?
ed25519 is the modern default: small, fast, and secure. Choose RSA (4096-bit) only when you need to support older systems that lack ed25519.
Should I set a passphrase?
Yes. A passphrase encrypts the private key at rest, so a stolen key file is not immediately usable. ssh-keygen will prompt you for one when you run the command.

Ready for Controlled SSH Access?

Create your account and start granting time-limited SSH access in minutes.

Set up controlled SSH access in minutes.