Using SSH keys to log in to your Linux server allows you to have a much simpler password than this 👇
Which is asked for every time we use the sudo command. In my 6 years of experience handling Linux servers, I have seen that most servers have an RSA-based SSH key.
Today, I have prepared the perfect 👌 command to create a small & secure SSH key pair for your servers.
🔒 Ed25519 SSH Keys
Ed25519 uses the EdDSA signature scheme & the Curve25519 key agreement scheme. Ed25519 SSH keys are much smaller and are much faster compared to RSA SSH keys 👇
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8M8jPEvhNpzJYG6jW29Xz661W7+Mc8cVBlh+uCKHN vasanth@privateserver
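The size difference is visible in the key line itself: the base64 field is a length-prefixed blob holding the key type and a 32-byte public key. The Python sketch below is an added example, not part of the original post; it parses that blob and compares it with an RSA-4096-shaped blob that is constructed here with a dummy modulus (constructed_rsa_line and the constructed@example comment are assumptions for illustration).

```python
import base64
import hashlib
import struct

# Public key line exactly as quoted in the post above.
PAGE_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8M8jPEvhNpzJYG6jW29Xz661W7+Mc8cVBlh+uCKHN vasanth@privateserver"

def read_string(blob, off):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def constructed_rsa_line(bits=4096):
    """Constructed sample: RSA-shaped blob with a dummy modulus, not a usable key."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps the mpint positive
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-rsa", b"\x01\x00\x01", n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

def inspect_pubkey(line):
    """Return type, key size in bits, blob size, comment and SHA256 fingerprint."""
    declared, b64, *rest = line.split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    ktype, off = read_string(blob, 0)
    if ktype.decode("ascii") != declared:
        raise ValueError("key type in blob does not match the line's prefix")
    if declared == "ssh-ed25519":
        key, off = read_string(blob, off)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        bits = 256
    elif declared == "ssh-rsa":
        _e, off = read_string(blob, off)   # public exponent
        n, off = read_string(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
    else:
        raise ValueError("unsupported key type: " + declared)
    if off != len(blob):
        raise ValueError("trailing bytes after key material")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": declared, "bits": bits, "blob_bytes": len(blob),
            "comment": rest[0] if rest else "", "fingerprint": "SHA256:" + digest}

if __name__ == "__main__":
    for line in (PAGE_KEY, constructed_rsa_line()):
        print(inspect_pubkey(line))
```

The same function can be run over each line of an authorized_keys file to see which entries are still RSA and how long their moduli are.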
Here is the command in the bash shell to generate a new Ed25519 SSH key with a comment of username@hostname:
mkdir -p ~/.ssh && ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "$(whoami)@$(hostname)"
In case you're using the fish shell (which I do on my private server):
mkdir -p ~/.ssh && ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C (whoami)@(hostname)
-o flag saves the private key in the OpenSSH format rather than saving in the PEM format.
-a <number> is the number of Key Derivation Function (KDF) rounds used to verify the passphrase. The higher it is, the slower authentication will be, which also makes brute-force attacks take longer (if the private key is ever stolen).
-t <type> is the type of the key we want to create. In our case it is ed25519.
-f <file_path> is basically where to save our public-private key pair.
It is always good to use -C <comment> to have username@hostname so that we know where this particular key was generated. I'd also recommend adding the date to it 👍
🔦 The Gotcha
Although Ed25519 SSH keys are much faster & smaller in size, there are a good number of servers out there which are still relying on RSA (of really long lengths) due to compatibility with servers running old versions of OpenSSH, or lacking the hardware to cryptographically work with Ed25519 keys.
Thank you 😊