DEV Community

Dan Croak
Dan Croak

Posted on • Edited on • Originally published at dancroak.com

SSH Key with Ed25519

With my last team, at the request of Ryan, our CTO, I stopped using RSA for my public keys and started using Ed25519.

Ed25519 uses elliptic curve cryptography with good security and performance. That's the real reason to use it.

My favorite thing, though, is when the whole team uses Ed25519, a server's ~/.ssh/authorized_keys file looks 😍:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAePksB5aPc6sww+RMzJwpVuDhRAgzOKP1Q/o3suIbw alice@home.local
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/O/VwAvqWIV/EN9aHjHAg/9JYsX/Ce2yvr5wPI3gZ bob@work.local
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYG1rgF4YSSBwtinbhFLR/Qeah11jYcQpf6lX4yql60 carol@home.local
Enter fullscreen mode Exit fullscreen mode

Create the key:

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "$(whoami)@$(hostname)"
Enter fullscreen mode Exit fullscreen mode

Start the SSH agent:

eval "$(ssh-agent -s)"
Enter fullscreen mode Exit fullscreen mode

Update ~/.ssh/config:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

Host github.com
  Hostname ssh.github.com
  Port 443
Enter fullscreen mode Exit fullscreen mode

Add the private key to the SSH agent on macOS:

ssh-add -K ~/.ssh/id_ed25519
Enter fullscreen mode Exit fullscreen mode

Top comments (0)