Update Your SSH Keys Now

By Ronald Valente. Published

PSA: Stop using your SSH RSA keys from 10 years ago!


Changing your SSH key doesn't have to be hard, and it should be done. Please stop using RSA keys with a 1024-bit size. Sadly, the default is still 2048 bits, which is still not good enough. If you're going to use RSA keys, ensure they're 4096 bits. The best choice is to use ed25519 keys.
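To find which existing keys fall short of that advice, here is an added example (not part of the original post) that parses the public-key blob in an authorized_keys or .pub line and reads the RSA modulus size directly. The function names, the verdict labels and the sample_line helper are assumptions made for this sketch, and the sample keys it builds are constructed placeholders, not usable keys.

```python
import base64
import struct

MIN_RSA_BITS = 4096  # the article's floor for RSA keys

def _read_field(blob, off):
    """Read one length-prefixed field of the key blob; return (data, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + size > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + size], off + 4 + size

def audit_key(line):
    """Classify one authorized_keys or .pub line as (key type, bits, verdict)."""
    tokens = line.split()
    # authorized_keys lines may start with options, so look for a "type blob"
    # pair whose decoded blob really begins with the same type name.
    for name, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
            inner, off = _read_field(blob, 0)
        except ValueError:  # not base64, or too short to be a key blob
            continue
        if inner != name.encode():
            continue
        if name == "ssh-ed25519":
            return name, 256, "ok"
        if name == "ssh-rsa":
            _exponent, off = _read_field(blob, off)
            modulus, _ = _read_field(blob, off)
            bits = int.from_bytes(modulus, "big").bit_length()
            return name, bits, "ok" if bits >= MIN_RSA_BITS else "replace"
        return name, None, "review"  # key types the article does not cover
    raise ValueError("no SSH public key found")

def _field(data):
    return struct.pack(">I", len(data)) + data

def sample_line(key_type, bits=0, prefix=""):
    """Constructed sample line (placeholder key material, not a usable key)."""
    if key_type == "ssh-rsa":
        n = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
        body = _field((65537).to_bytes(3, "big")) + _field(n)
    else:
        body = _field(bytes(32))
    blob = base64.b64encode(_field(key_type.encode()) + body).decode()
    return f"{prefix}{key_type} {blob} constructed@example"
```

Run audit_key over each non-comment line of ~/.ssh/authorized_keys or a .pub file; anything marked "replace" is an RSA key below 4096 bits.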

Let's be honest, anything that D. J. Bernstein is involved in is pretty damn epic.

ssh-keygen(1) generates, manages and converts authentication keys for ssh(1).

Generate SSH Key

Generate a secure client SSH key with the recommended ed25519 type:

ssh-keygen -t ed25519 -a 100

When prompted, please type a passphrase (ssh-agent(1) is your friend).

Flags Explained

Flag          Details
-t ed25519    Use the recommended ed25519 key type instead of the default rsa 2048-bit key
-a 100        Number of key derivation function rounds used; higher = increased resistance to brute-force cracking
-o            Not required with the ed25519 key type, which already defaults to the correct format instead of the older PEM format