DEV Community

Cover image for How to generate a secure and robust SSH key in 2024
Christophe Colombier
Christophe Colombier

Posted on

How to generate a secure and robust SSH key in 2024

#security #tutorial #howto #ssh

To generate a robust SSH key, you have two main options: ED25519 and RSA. Both have their advantages, but ED25519 is generally recommended for its security and performance benefits.

Here's how to generate each type of key:

Generating an ED25519 Key

ED25519 keys are considered more secure and performant than RSA keys. They are compact, fast to generate, and offer better security with faster performance compared to DSA or ECDSA. To generate an ED25519 key, use the following command:

ssh-keygen -t ed25519 -C "<comment>"
Enter fullscreen mode Exit fullscreen mode

Replace with a meaningful comment, such as your email address. This comment won't be exposed outside your machine. Consider it as a label to identify your ssh key.

This command generates an ED25519 key pair and saves it in the default .ssh directory within your home directory.

You'll be prompted to enter a passphrase for the key, which adds an extra layer of security.

ccoveille

Why using a passphrase to secure your SSH key ?

Christophe Colombier ・ Apr 6

#security #tutorial #ssh

Generating an RSA Key

If you prefer to use RSA, it's recommended to use a key size of at least 2048 bits for security. However, a 4096-bit key is even more secure and is recommended if you're concerned about the future of cryptographic security. To generate an RSA key with a 4096-bit size, use the following command:

ssh-keygen -t rsa -b 4096 -C "<comment>"
Enter fullscreen mode Exit fullscreen mode

Additional Considerations

  • Security: ED25519 keys are more secure against PRNG (Pseudo-Random Number Generator) failures, making them a robust choice for SSH keys.

  • Performance: ED25519 keys are faster and more efficient than RSA keys, which can be a significant advantage in environments with high security requirements 2.

  • Compatibility: Ensure your system supports the key type you choose. ED25519 is supported in OpenSSH version 6.5 and later, while RSA keys are widely supported across all versions 2.

To check your ssh version, you can run the following command

$ ssh -V
OpenSSH_8.9 ...
Enter fullscreen mode Exit fullscreen mode

Please note the ssh servers you log are the ones that need to support ED25519 keys, so please make sure to check on them before trying anything.

TL;DR; For generating a robust SSH key, ED25519 is generally the preferred choice due to its security and performance benefits. However, RSA keys with a 4096-bit size are also a secure option if you have specific compatibility requirements or preferences.

Top comments (0)

Read next

egeaytin profile image

Building Scalable GraphQL Microservices With Node.js and Docker: A Comprehensive Guide

Ege Aytin -

lakshya-dhariwal profile image

Reusable Modal Component using React Portals

Lakshya Dhariwal -

devsdaddy profile image

Secure your Game with Unity Game Shield - An open-source anti-cheat and encryption toolkit

Devs Daddy -

pizofreude profile image

A Step-by-Step Guide to Connecting Excel to a PostgreSQL Database

Pizofreude -