Jim Zandueta


How to generate a secure SSH key pair?

Required Reading:

  • None

Optional Reading:

  • None

-

Generate an SSH key pair

  • Open your favorite terminal
  • Run the ssh-keygen command
$ ssh-keygen -t rsa -b 4096 -C "tonystark@avengers.com"

INFO: For increased security, the type flag -t rsa and the bits flag -b 4096 are required. The comment flag -C "tonystark@avengers.com" allows us to easily identify who owns the SSH key.

  • Specify the key file name. Default is id_rsa
  • Enter a passphrase (optional)

WARNING: If you already have a default SSH key ~/.ssh/id_rsa, DO NOT OVERWRITE IT. If you are not careful, you will lose SSH access to your cloud servers and git platforms. Instead, give your new SSH key a new name, such as id_rsa_avengers.
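
The steps and the overwrite warning above, combined into one shell function. This is an added example, not code from the original post; the function name new_ssh_key and the SSH_KEY_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a separately named RSA-4096 key and never
# overwrite an existing one. new_ssh_key and SSH_KEY_DIR are
# hypothetical names chosen for this example.

new_ssh_key() {
    # $1 = key file name (e.g. id_rsa_avengers), $2 = comment/owner;
    # any further arguments are passed to ssh-keygen unchanged.
    if [ "$#" -lt 2 ]; then
        echo "usage: new_ssh_key <name> <comment> [ssh-keygen options]" >&2
        return 2
    fi
    nk_dir=${SSH_KEY_DIR:-$HOME/.ssh}
    nk_name=$1
    nk_comment=$2
    shift 2

    # Reject empty names and path separators so the key stays in nk_dir.
    case $nk_name in
        ""|.|..|*/*) echo "invalid key name: $nk_name" >&2; return 2 ;;
    esac
    nk_path=$nk_dir/$nk_name

    # Refuse to touch an existing private or public key (see the WARNING).
    if [ -e "$nk_path" ] || [ -e "$nk_path.pub" ]; then
        echo "refusing to overwrite existing key: $nk_path" >&2
        return 1
    fi

    # Keep the key directory readable by its owner only.
    mkdir -p "$nk_dir" && chmod 700 "$nk_dir" || return 3

    # Same flags as the article; -f names the file up front, so the
    # default id_rsa is never offered. ssh-keygen asks for the passphrase.
    ssh-keygen -t rsa -b 4096 -C "$nk_comment" -f "$nk_path" "$@" || return 3

    # Print bit length, fingerprint, comment and type of the new key.
    ssh-keygen -l -f "$nk_path.pub"
}

# Usage: new_ssh_key id_rsa_avengers "tonystark@avengers.com"
```
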

-

Resources

Top comments (8)

Christophe Colombier

I wouldn't agree with your article, except that it's a stronger RSA than the default one, but RSA is no longer recommended, when not highly discouraged.

Here is an article about it

Jim Zandueta

Hi @ccoveille! Thank you for your suggestions. Yes, that is correct! ECDSA is now preferred over RSA because of its shorter key lengths and faster performance. Over the last decade, ECDSA has also been widely adopted. Perhaps we'll use it on my next project. However, for the time being, RSA, specifically with bit length 4096, continues to work for us. Cheers!

Christophe Colombier

Ok, I've been using ED25519 for more than a year now, but it's not widely adopted.

Jim Zandueta

That’s good to know. I read somewhere that NIST (National Institute of Standards and Technology) speculates that RSA 2048 will be safe to use until 2030 (maybe +10 years for RSA 4096). By that time, we’ll probably see more ECDSA adoption. But yes, using ECDSA today is future-proofing your system's security.

Christophe Colombier

ED25519 is not exactly EDDSA, but I agree with you.

Jim Zandueta

Oh my bad. I was thinking that ED25519 was a type of ECDSA instead of ECC. 😅

Christophe Colombier • Edited

Side remark, I saw you used the #fieldnotes tag, a tag no one used on Dev.to.

You may have to consider using the #devjournal one.

You may have a wider audience.

Jim Zandueta

Thank you for your suggestion, @ccoveille. I used #fieldnotes because they were notes taken from my day-to-day work experience. If #devjournal is commonly used here in dev.to, then I will make sure to use it as well. Thanks again!