Update Your SSH Keys Now
By Ronald Valente. Published
PSA: Stop using your SSH RSA keys from 10 years ago!
Background
Changing your SSH key doesn't have to be hard, and it should be done. Please stop using RSA keys with a 1024-bit size. Sadly, the default is still 2048 bits, which is still not good enough. If you're going to use RSA keys, ensure they're 4096 bits. The best choice is to use ed25519 keys.
Let's be honest, anything that D. J. Bernstein is involved in is pretty damn epic.
ssh-keygen(1) generates, manages and converts authentication keys for ssh(1).
Generate SSH Key
Generate a secure client SSH key with the recommended ed25519 type:
ssh-keygen -t ed25519 -a 100
When prompted, please type a password (ssh-agent(1) is your friend).
Flags Explained
Flag | Details |
---|---|
-t ed25519 | Use the recommended ed25519 key type instead of the default rsa 2048-bit key |
-a 100 | # of key derivation function rounds used, higher = increased resistance to brute-force cracking |
-o | Not required with the ed25519 key type, defaults to the correct format instead of the older PEM format |
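
To find which existing keys fall short of the advice in the Background section, the following added example (not part of the original post) classifies each line of `ssh-keygen -l` output. The function names and the OK/REPLACE/REVIEW labels are assumptions made for this example; the thresholds are the article's (ed25519 preferred, RSA only at 4096 bits).

```bash
#!/usr/bin/env bash
# Added example: audit SSH public keys against the article's advice.

# classify_key_line LINE
# LINE is one line of `ssh-keygen -l` output:
#   <bits> <fingerprint> <comment...> (<TYPE>)
# Prints OK, REPLACE or REVIEW followed by the reason.
classify_key_line() {
    local line=$1 bits type
    bits=${line%% *}      # first field: key size in bits
    type=${line##*\(}     # text after the last "(" (comments may contain parens)
    type=${type%\)}       # strip the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "REVIEW unparsable line"; return ;;
    esac
    case $type in
        ED25519) echo "OK ed25519" ;;
        RSA)
            if [ "$bits" -lt 4096 ]; then
                echo "REPLACE rsa-$bits is below 4096 bits"
            else
                echo "OK rsa-$bits"
            fi ;;
        *) echo "REVIEW $type-$bits is not covered by the article" ;;
    esac
}

# audit_keys FILE...
# Accepts public key files and authorized_keys files (one output line per key).
# Returns 1 if any key should be replaced.
audit_keys() {
    local file out line verdict rc=0
    for file in "$@"; do
        out=$(ssh-keygen -l -f "$file" 2>/dev/null)
        while IFS= read -r line; do
            [ -n "$line" ] || continue
            verdict=$(classify_key_line "$line")
            printf '%s: %s\n' "$file" "$verdict"
            case $verdict in REPLACE*) rc=1 ;; esac
        done <<EOF
$out
EOF
    done
    return $rc
}

# Example invocation: ./audit.sh ~/.ssh/*.pub ~/.ssh/authorized_keys
if [ "$#" -gt 0 ]; then audit_keys "$@"; fi
```

The non-zero exit status on any REPLACE verdict makes the script usable in a login hook or a periodic host check.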