Generate an SSH key pair
- Open your favorite terminal
- Run the ssh-keygen command
$ ssh-keygen -t rsa -b 4096 -C "firstname.lastname@example.org"
INFO: For increased security, the type flag
-t rsaand the bits
flag -b 4096are required. The comment flag
-C "email@example.com"allows us to easily identify who owns the SSH key.
- Specify the key file name. Default is
- Enter a passphrase *optional
WARNING: If you already have a default SSH key ~/.ssh/id_rsa, DO NOT OVERWRITE IT. If you are not careful, you will lose SSH access to your cloud servers and git platforms. Instead, give your new SSH key a new name, such as id_rsa_avengers.
Top comments (8)
I wouldn't agree with your article, except it's a stronger RSA than default one, but RSA no longer recommended, when not highly discouraged.
Here is an article about it
SSH Key Best Practices
Paul Micheli ・ Apr 22 '21 ・ 2 min read
Hi @ccoveille! Thank you for your suggestions. Yes, that is correct! ECDSA is now preferred over RSA because of its shorter key lengths and faster performance. Over the last decade, ECDSA has also been widely adopted. Perhaps we'll use it on my next project. However, for the time being, RSA, specifically with bit length 4096, continues to work for us. Cheers!
Ok, I'm using ED25519 for more than a year now, but it's not widely adopted.
That’s good to know. I read somewhere that NIST (National Institute of Standards and Technology) speculates that RSA 2048 will be safe to use until 2030 (maybe +10 years for RSA 4096). By that time, we’ll probably see more ECDSA adoption. But yes using ECDSA today is future-proofing your systems security.
ED25519 is not exactly EDDSA, but I agree with you.
Oh my bad. I was thinking that ED25519 was a type of ECDSA instead of ECC. 😅
Side remark, I saw you used #fieldnotes tag, a tag no one used on Dev.to.
You may have to consider using #devjournal one.
You may have a wider audience.
Thank you for your suggestion, @ccoveille. I used #fieldnotes because they were notes taken from my day-to-day work experience. If #devjournal is commonly used here in dev.to, then I will make sure to use it as well. Thanks again!