1.7 KiB
ssh-seed-keygen
A small tool for generating Ed25519 SSH keys with a twist: every key comes with a 24-word backup phrase, the same kind hardware wallets use. Lose the key file, still have the words — run recover, get your key back. Same key, every time.
The idea
SSH keys are just random bytes. BIP39 is a standard for encoding random bytes as human-readable words. This tool generates 256 bits of entropy, turns it into both an SSH key and a mnemonic, and hands you both. Recovery is just the reverse — give back the 24 words, get back the exact same key pair.
Getting started
bash setup.sh
That's it. Creates a virtualenv and installs the two dependencies.
Generating a key
.venv/bin/python keygen.py generate
Saves the key to ~/.ssh/id_ed25519 by default, then prints your 24 words. Write them down somewhere offline. They're the only backup that matters.
A few useful flags:
# different output path
.venv/bin/python keygen.py generate -o ~/.ssh/id_ed25519_work
# add a comment to the public key (usually your email)
.venv/bin/python keygen.py generate -C you@example.com
# password-protect the key file on disk
.venv/bin/python keygen.py generate -p
Recovering a key
# pass the words directly
.venv/bin/python keygen.py recover word1 word2 ... word24
# or just run it and paste them when prompted
.venv/bin/python keygen.py recover
Same flags apply — -o to control where the files land, -p if you want a passphrase on the recovered key.
One thing to keep in mind
The mnemonic isn't a hint or a backup code — it literally encodes the private key. Anyone with those 24 words has your key. Store them accordingly.