
Generating Ed25519 Secure SSH Keys
Using SSH keys to log in to your Linux server allows you to have a much simpler password than this 👇
Ja5H%4v^rGN#2bCPZgX6Uuwk&c7pJFVE
Which is asked every time we use the sudo command. In my 6 years of experience handling Linux servers, I have seen that most servers have an RSA-based SSH key.
Today, I have prepared the perfect 👌 command to create a small & secure SSH key pair for your servers.
🔒 Ed25519 SSH Keys
Ed25519 uses the EdDSA signature scheme & the Curve25519 key agreement scheme. Ed25519 SSH keys are much smaller and are much faster compared to RSA SSH keys 👇
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8M8jPEvhNpzJYG6jW29Xz661W7+Mc8cVBlh+uCKHN vasanth@privateserver
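As an added example (not part of the original post), this Python code decodes a public key line like the one above to show why it is so short: the blob holds only the type name and a 32-byte key. The function name inspect_public_key is hypothetical, and it handles only plain ssh-ed25519 and ssh-rsa lines without an options prefix.

```python
import base64
import hashlib
import struct

def _read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Parse one '<type> <base64> [comment]' public key line (hypothetical helper)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner, pos = _read_string(blob, 0)
    # The type named in the text must match the type stored inside the blob.
    if inner.decode("ascii", "replace") != declared:
        raise ValueError("declared type does not match the key blob")
    if declared == "ssh-ed25519":
        key, pos = _read_string(blob, pos)
        if len(key) != 32 or pos != len(blob):
            raise ValueError("malformed Ed25519 key")
        bits = 256
    elif declared == "ssh-rsa":
        _e, pos = _read_string(blob, pos)   # public exponent
        n, pos = _read_string(blob, pos)    # modulus; its size is the key size
        bits = int.from_bytes(n, "big").bit_length()
    else:
        raise ValueError("unsupported key type: " + declared)
    # Same form that ssh-keygen -l prints: SHA256 of the blob, base64, no padding.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": declared, "bits": bits, "blob_bytes": len(blob),
            "fingerprint": fingerprint, "comment": comment}

# The public key line shown on this page.
PAGE_KEY = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8M8jPEvhNpzJYG6jW29Xz661W7+Mc8cVBlh+uCKHN "
            "vasanth@privateserver")

if __name__ == "__main__":
    print(inspect_public_key(PAGE_KEY))
```

Run over each line of an authorized_keys file, the same function shows which entries are still RSA and how large their moduli are.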
Here is the command in the bash shell to generate a new Ed25519 SSH key with a comment of user@hostname 👇
mkdir -p ~/.ssh && ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "$(whoami)@$(hostname)"
In case you're using the fish shell (which I do on my private server):
mkdir -p ~/.ssh && ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C (whoami)@(hostname)
💡 Explanation
The -o flag saves the private key in the OpenSSH format rather than the PEM format.
The -a <number> option is the number of key derivation function (KDF) rounds used to verify the passphrase. The higher it is, the slower authentication will be, but each passphrase guess also takes longer, which makes brute-force attacks harder (if the private key is ever stolen).
-t <type> is the type of the key we want to create. In our case it is ed25519.
-f <file_path> is where to save our public-private key pair.
It is always good to use -C <comment> with username@hostname so that we know where this particular key was generated. I'd also recommend adding the date to it 👍
🔦 The Gotcha
Although Ed25519 SSH keys are much faster & smaller in size, there are a good number of servers out there which are still relying on RSA (of really long lengths) due to compatibility with servers running old versions of OpenSSH, or lacking the hardware to cryptographically work with Ed25519 keys.
Thank you 😊