Security
SSH Key Passphrase Generator
Generate strong passphrases for SSH private keys. Protect your server access with a secure passphrase. Free, browser-based, no data stored.
About this ssh key passphrase generator
An SSH key passphrase encrypts your private key file — if someone steals the file (from a backup, a compromised laptop, or a stolen drive), they cannot use it without the passphrase. Without a passphrase, anyone with your private key file has instant access to every server it is authorized for. The passphrase should be long enough to resist offline brute-force attacks against the key file encryption (typically AES-128 or AES-256). Since you type this passphrase whenever you load the key (unless using an SSH agent), it needs to be both strong and typeable. This generator defaults to 20 characters with letters and numbers — a practical balance between security and the frequent typing required. If you use an SSH agent that caches the unlocked key, you can use a longer, more complex passphrase since you only type it once per session.
FAQ
Common questions
Do I really need a passphrase on my SSH key?
Yes. An unprotected private key is equivalent to writing your password in a plain text file. Anyone who obtains the file — through a backup breach, stolen laptop, or malware — has full access to your servers.
How long should an SSH passphrase be?
At least 16-20 characters. The passphrase protects against offline attacks on the key file, so it needs to be strong enough to resist GPU-accelerated cracking. 20 characters with mixed types provides ~119-131 bits of entropy.
Can I use an SSH agent to avoid typing it repeatedly?
Yes. ssh-agent caches the decrypted key in memory for the duration of your session. You type the passphrase once when loading the key, then connect to servers without re-entering it. On macOS, the Keychain can store it permanently.
What if I forget my SSH passphrase?
There is no recovery mechanism — the passphrase is the encryption key for the private key file. You would need to generate a new SSH key pair and add the new public key to your servers. Store the passphrase in a password manager as backup.
More in Security