Generating SSH keys with ssh-keygen
ssh-keygen allows for the use of different algorithms such as RSA (Rivest–Shamir–Adleman) or Ed25519 (Edwards-curve Digital Signature Algorithm).
Practical Cryptography With Go suggests that Ed25519 keys are more secure and performant than RSA keys. Ed25519 is designed to be faster than existing digital signature schemes without sacrificing security.
Use the following command to generate an Ed25519 key:
ssh-keygen -t ed25519 -C "[email protected]"
By default, the ssh-keygen command creates a 1024-bit RSA key.
If you use RSA keys for SSH, the US National Institute of Standards and Technology recommends that you use a key size of at least 2048 bits.
Additionally, whilst it is possible to specify 4096 bits, this key size takes 30% longer to negotiate the SSL browser handshake than a 2048-bit key.
Use the following command to generate a 2048-bit RSA key:
ssh-keygen -t rsa -b 2048 -C "[email protected]"
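To check keys that already exist against the 2048-bit RSA minimum mentioned above, the following script parses the output of ssh-keygen -l -f. It is an added example, not part of the original post; the function names classify_key_line and audit_pubkeys and the verdict strings are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit public keys against the
# 2048-bit RSA minimum cited above, using `ssh-keygen -l -f <file>`.
# Each output line looks like: "<bits> <hash>:<fingerprint> <comment> (<TYPE>)"
MIN_RSA_BITS=2048

# Classify one fingerprint line. Prints a verdict; returns 0 ok, 1 weak, 2 unparsable.
classify_key_line() {
    line=$1
    bits=${line%% *}        # first field is the key size in bits
    type=${line##*\(}       # text after the last "(" ...
    type=${type%\)}         # ... minus the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "UNKNOWN"; return 2 ;;
    esac
    case $type in
        RSA)
            if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
                echo "WEAK rsa-$bits"
                return 1
            fi
            echo "OK rsa-$bits" ;;
        ED25519) echo "OK ed25519" ;;
        *) echo "REVIEW ${type}-${bits}" ;;   # DSA, ECDSA, certificates, etc.
    esac
}

# Audit each file given (a .pub file or an authorized_keys file with many keys).
audit_pubkeys() {
    status=0
    for f in "$@"; do
        out=$(ssh-keygen -l -f "$f" 2>/dev/null) || {
            echo "$f: UNREADABLE"; status=1; continue
        }
        while IFS= read -r line; do
            verdict=$(classify_key_line "$line") || status=1
            echo "$f: $verdict"
        done <<EOF
$out
EOF
    done
    return "$status"
}

# Run only when files are passed, e.g.: sh audit.sh ~/.ssh/*.pub
if [ "$#" -gt 0 ]; then
    audit_pubkeys "$@"
fi
```

The script exits non-zero when any key is weak or unreadable, so it can gate a provisioning or CI step.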