Currently developing futuristic smart-device, IoT connected, highway construction site safety system in EU.
Used to work on infrastructure, application architecture and cloud engineering.
Just a note:
Default ssh-keygen does not generate secure enough keys. At least on Ubuntu 18.04 it generates an RSA-based, 2048-bit key, which is considered weak already.
While generating a 4096-bit RSA key is possible (and may still be required to ssh into systems using old versions of ssh), it is beneficial to switch to shorter but computationally more expensive elliptic curves like ed25519.
To further increase security against brute-forcing in case your key was stolen, you should specify to save the key in the new format (the old one is really weak) by using -o, and additionally specify to use many KDF function rounds to secure the key using -a 100 or more.
The final command then should be:
Oh, nice to know it, thx a lot, going to update it.
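An added example, not part of the original comments: a Python check that reads a private key file's header to tell whether it is stored in the new OpenSSH format (what -o selects) and how many KDF rounds (the -a value) protect the passphrase. The function names, the min_rounds threshold and the header-only sample are constructed for illustration; the field layout assumed here is the openssh-key-v1 container described in OpenSSH's PROTOCOL.key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
NEW_HDR = "-----BEGIN OPENSSH PRIVATE KEY-----"


def _read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    start = off + 4
    if start + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:start + n], start + n


def audit_private_key(pem_text, min_rounds=100):
    """Report container format, passphrase KDF and rounds for one key file."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or lines[0] != NEW_HDR:
        # Anything without the new-format header, e.g. the old PEM container.
        return {"format": "not-openssh-v1", "kdf": None, "rounds": None, "ok": False}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(MAGIC)
    _cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt: string salt, uint32 rounds
        _salt, p = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, p)
    # kdf "none" means no passphrase at all, so it never passes the check.
    ok = kdf == b"bcrypt" and rounds >= min_rounds
    return {"format": "openssh-v1", "kdf": kdf.decode(), "rounds": rounds, "ok": ok}


def make_sample(rounds):
    """Constructed header-only sample (contains no key material)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(b"\x00" * 16) + struct.pack(">I", rounds)
    blob = MAGIC + s(b"aes256-ctr") + s(b"bcrypt") + s(opts) + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return NEW_HDR + "\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

Only the unencrypted header fields are read, so the check needs no passphrase and never touches the encrypted key material.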