An SSH key analyzer inspects SSH public keys to reveal the key type, bit length, cryptographic fingerprints, and security rating. Paste any OpenSSH public key (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256) to instantly see the SHA-256 and MD5 fingerprints used for server verification, authorized_keys management, and key auditing.
Paste SSH Public Key
Parse Error
Key Details
Fingerprints
SHA-256 is the modern format (OpenSSH 6.8+). MD5 is the legacy format used by some CI/CD systems and GitHub's API.
How to Use the SSH Key Analyzer
SSH keys are used to authenticate to servers, GitHub, CI/CD systems, and other services. The SSH key analyzer helps you inspect public keys to verify key type, check if your key meets current security standards, and generate fingerprints for auditing and authorized_keys management.
Step 1: Find Your SSH Public Key
Your SSH public key is stored in ~/.ssh/id_ed25519.pub (or id_rsa.pub, id_ecdsa.pub for other key types). You can also find it in your SSH agent with ssh-add -L. The public key format is: keytype base64data comment
Step 2: Paste and Analyze
Copy the full public key line (starting with ssh-ed25519, ssh-rsa, or ecdsa-sha2-*) and paste it into the textarea. The analyzer parses the key type, decodes the base64 key data to determine the bit length, and computes both SHA-256 and MD5 fingerprints. Public keys are safe to share — they are not secret.
Understanding Key Types
Ed25519 is the recommended modern choice — 256-bit keys based on the Edwards curve, faster operations, resistant to implementation errors. Generate with ssh-keygen -t ed25519. ECDSA P-256 is also modern and strong. RSA 4096-bit provides strong security for legacy compatibility. RSA 2048-bit is the minimum acceptable RSA size. RSA 1024-bit is considered broken — replace it immediately.
Using Fingerprints for Server Verification
When connecting to a server for the first time, SSH shows the host's public key fingerprint for you to verify. You can check the fingerprint against your records using ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub on the server. GitHub shows your key's SHA-256 fingerprint in Settings > SSH keys to confirm you uploaded the right key.
Auditing authorized_keys
The SSH key analyzer is useful for auditing an authorized_keys file — paste each key to verify the type and strength, identify weak RSA 1024-bit keys that should be rotated, check comment fields to identify key owners, and compare fingerprints against your approved key inventory.
FAQ
Is this SSH key analyzer free?
Yes, completely free. The analysis runs entirely in your browser — no keys are transmitted to any server. Public keys are not secret, but the tool works safely for any public key.
Is my SSH key data safe?
Yes. Public SSH keys are safe to share — they are the non-secret half of your key pair. The tool processes everything client-side in JavaScript with no server requests.
What format should I paste the SSH public key in?
Paste the public key in OpenSSH format — the one-line format that starts with the key type (ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, etc.) followed by a base64 blob and an optional comment. This is the format you'd find in your ~/.ssh/id_ed25519.pub file or in an authorized_keys entry.
What is the SSH key fingerprint used for?
SSH fingerprints are used to verify server identity and track key usage. When you first connect to a server, SSH shows the fingerprint so you can verify you're connecting to the right machine. The SHA256 fingerprint (in base64) is the modern format used by OpenSSH 6.8+. MD5 hex format is the legacy format still used by some systems and GitHub's API.
Should I use RSA or Ed25519?
Ed25519 is the recommended choice for new keys — it's faster, more secure, and produces shorter signatures than RSA. RSA 4096-bit is still acceptable for legacy compatibility, but RSA 1024-bit is considered broken and should be replaced. ECDSA 256-bit (P-256 curve) is also modern and strong. Generate new keys with: ssh-keygen -t ed25519 -C 'your_email@example.com'
What does the comment field in an SSH key contain?
The comment is the third (optional) part of the public key line. It's typically set to user@hostname when generated with ssh-keygen, or a custom label. Comments help identify which key belongs to which person or system in an authorized_keys file — especially useful when a server has many authorized keys.
How do I view the fingerprint of a key I have on disk?
Run 'ssh-keygen -lf ~/.ssh/id_ed25519.pub' to see the fingerprint. The -l flag shows the fingerprint, -E md5 changes to MD5 format (e.g., ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub). On GitHub, your key fingerprints appear in Settings > SSH and GPG keys.