diff --git a/Dockerfile b/Dockerfile
index f165628..f46ec38 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,7 +51,6 @@ FROM alpine:3.22 AS prod
RUN apk update && \
apk add --no-cache \
shadow \
- openssh-server \
curl \
git
diff --git a/config.yml b/config.yml
index 971e9d0..7b41d7d 100644
--- a/config.yml
+++ b/config.yml
@@ -91,9 +91,6 @@ ssh.port: 2222
# If not set, uses the URL from the request
ssh.external-domain:
-# Path or alias to ssh-keygen executable. Default: ssh-keygen
-ssh.keygen-executable: ssh-keygen
-
# OAuth2 configuration
# The callback/redirect URL must be http://opengist.url/oauth//callback
diff --git a/docs/configuration/cheat-sheet.md b/docs/configuration/cheat-sheet.md
index 2292925..db53211 100644
--- a/docs/configuration/cheat-sheet.md
+++ b/docs/configuration/cheat-sheet.md
@@ -30,7 +30,6 @@ aside: false
| ssh.host | OG_SSH_HOST | `0.0.0.0` | The host on which the SSH server should bind. |
| ssh.port | OG_SSH_PORT | `2222` | The port on which the SSH server should listen. |
| ssh.external-domain | OG_SSH_EXTERNAL_DOMAIN | none | Public domain for the Git SSH connection, if it has to be different from the HTTP one. If not set, uses the URL from the request. |
-| ssh.keygen-executable | OG_SSH_KEYGEN_EXECUTABLE | `ssh-keygen` | Path to the SSH key generation executable. |
| github.client-key | OG_GITHUB_CLIENT_KEY | none | The client key for the GitHub OAuth application. |
| github.secret | OG_GITHUB_SECRET | none | The secret for the GitHub OAuth application. |
| gitlab.client-key | OG_GITLAB_CLIENT_KEY | none | The client key for the GitLab OAuth application. |
diff --git a/internal/config/config.go b/internal/config/config.go
index 7bd2c7f..3167a98 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -61,7 +61,6 @@ type config struct {
SshHost string `yaml:"ssh.host" env:"OG_SSH_HOST"`
SshPort string `yaml:"ssh.port" env:"OG_SSH_PORT"`
SshExternalDomain string `yaml:"ssh.external-domain" env:"OG_SSH_EXTERNAL_DOMAIN"`
- SshKeygen string `yaml:"ssh.keygen-executable" env:"OG_SSH_KEYGEN_EXECUTABLE"`
GithubClientKey string `yaml:"github.client-key" env:"OG_GITHUB_CLIENT_KEY"`
GithubSecret string `yaml:"github.secret" env:"OG_GITHUB_SECRET"`
@@ -129,7 +128,6 @@ func configWithDefaults() (*config, error) {
c.SshGit = true
c.SshHost = "0.0.0.0"
c.SshPort = "2222"
- c.SshKeygen = "ssh-keygen"
c.GitlabName = "GitLab"
diff --git a/internal/ssh/run.go b/internal/ssh/run.go
index ff20950..370fa41 100644
--- a/internal/ssh/run.go
+++ b/internal/ssh/run.go
@@ -1,6 +1,9 @@
package ssh
import (
+ "crypto/ed25519"
+ "crypto/rand"
+ "encoding/pem"
"errors"
"github.com/rs/zerolog/log"
"github.com/thomiceli/opengist/internal/config"
@@ -10,7 +13,6 @@ import (
"io"
"net"
"os"
- "os/exec"
"path/filepath"
"strings"
"syscall"
@@ -127,16 +129,12 @@ func setupHostKey() (ssh.Signer, error) {
}
keyPath := filepath.Join(dir, "opengist-ed25519")
- if _, err := os.Stat(keyPath); err != nil && !os.IsExist(err) {
- cmd := exec.Command(config.C.SshKeygen,
- "-t", "ssh-ed25519",
- "-f", keyPath,
- "-m", "PEM",
- "-N", "")
- err = cmd.Run()
- if err != nil {
+ if _, err := os.Stat(keyPath); errors.Is(err, os.ErrNotExist) {
+ if err = generateHostKey(keyPath); err != nil {
return nil, err
}
+ } else if err != nil {
+ return nil, err
}
keyData, err := os.ReadFile(keyPath)
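Review bot: Both new `return nil, err` paths in setupHostKey hand back the raw error from os.Stat or generateHostKey, so a caller or log line cannot tell which file or step failed when the host key cannot be set up; wrapping as `return nil, fmt.Errorf("ssh host key %q: %w", keyPath, err)` names the path while keeping errors.Is usable. The import hunk above shows `"errors"` followed directly by the zerolog import, so fmt would have to be added to run.go's import block for that. The stricter errors.Is(err, os.ErrNotExist) check is an improvement over the old condition, which regenerated the key on any Stat failure. setupHostKey begins before and continues after this hunk.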
@@ -152,6 +150,20 @@ func setupHostKey() (ssh.Signer, error) {
return signer, nil
}
+func generateHostKey(keyPath string) error {
+ _, priv, err := ed25519.GenerateKey(rand.Reader)
+ if err != nil {
+ return err
+ }
+
+ block, err := ssh.MarshalPrivateKey(priv, "")
+ if err != nil {
+ return err
+ }
+
+ return os.WriteFile(keyPath, pem.EncodeToMemory(block), 0600)
+}
+
func errorSsh(message string, err error) {
log.Error().Err(err).Msg("SSH: " + message)
}
diff --git a/templates/pages/admin_config.html b/templates/pages/admin_config.html
index 5cce34b..e9b44d7 100644
--- a/templates/pages/admin_config.html
+++ b/templates/pages/admin_config.html
@@ -46,7 +46,6 @@
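Review bot: generateHostKey writes the key straight to keyPath with os.WriteFile, so a write that fails part-way (full disk, interrupted start-up) leaves a truncated file that setupHostKey's os.Stat check accepts on every later start and then fails to parse, with no automatic recovery. Writing to a sibling temporary file and renaming it into place makes the key appear at keyPath only once it is complete, and creating it with 0600 from the start keeps the private key unreadable to other local users. ssh.MarshalPrivateKey comes from an import not shown in this hunk, presumably golang.org/x/crypto/ssh; the key-generation lines are unchanged in the sketch below.
```go
func generateHostKey(keyPath string) error {
	// … unchanged: ed25519.GenerateKey and ssh.MarshalPrivateKey …
	// Stage the key next to its final path and rename it in, so keyPath only ever
	// holds a complete key; a partial write would otherwise pass setupHostKey's Stat.
	tmpPath := keyPath + ".tmp"
	if err := os.WriteFile(tmpPath, pem.EncodeToMemory(block), 0600); err != nil {
		os.Remove(tmpPath) // best-effort cleanup of the partial file
		return err
	}
	return os.Rename(tmpPath, keyPath)
}
```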
SSH host
{{ .c.SshHost }}
SSH port
{{ .c.SshPort }}
SSH external domain
{{ .c.SshExternalDomain }}
-
SSH Keygen
{{ .c.SshKeygen }}