DEV Community

Discussion on: How to use SSH properly and what is SSH Agent Forwarding

Slavius

Just a note:

The default ssh-keygen does not generate secure enough keys. At least on Ubuntu 18.04 it generates an RSA-based, 2048-bit key, which is considered weak already.
While generating a 4096-bit RSA key is possible (and may still be required to ssh into systems using old versions of ssh), it is beneficial to switch to shorter but computationally more expensive elliptic curves like ed25519.

To further increase security against brute-forcing in case your key was stolen, you should save the key in the new format (the old one is really weak) by using -o, and additionally use many KDF function rounds to secure the key by using -a 100 or more.

The final command then should be:

/usr/bin/ssh-keygen -o -a 100 -t ed25519
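A way to check an existing key against the properties the comment above recommends, as an added example that is not part of the original discussion: it reads the unencrypted header of an OpenSSH private key file (no passphrase needed) and reports the format, KDF rounds and key type. The function names, the 100-round threshold (taken from `-a 100`) and the header-only sample are assumptions for illustration, and any input that lacks the OpenSSH header is treated as a legacy-format key.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
MIN_ROUNDS = 100  # assumption: threshold taken from the "-a 100" in the comment

def read_string(buf, off):
    """Read one SSH string (uint32 big-endian length + bytes); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Report format, cipher, KDF rounds and key type from the unencrypted header."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return {"format": "legacy-pem", "findings": ["not saved in the new format (-o)"]}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    kdfopts, off = read_string(blob, off)
    pub, _ = read_string(blob, off + 4)          # skip the uint32 key count
    key_type = read_string(pub, 0)[0].decode()
    rounds, findings = None, []
    if kdf == b"bcrypt":                         # kdfoptions = string salt, uint32 rounds
        _salt, o = read_string(kdfopts, 0)
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
        if rounds < MIN_ROUNDS:
            findings.append(f"only {rounds} KDF rounds (< {MIN_ROUNDS})")
    else:
        findings.append("no passphrase protection (kdf is not bcrypt)")
    if key_type != "ssh-ed25519":
        findings.append(f"key type is {key_type}, not ed25519")
    return {"format": "openssh", "cipher": cipher.decode(), "rounds": rounds,
            "key_type": key_type, "findings": findings}

def constructed_sample(rounds, key_type=b"ssh-ed25519"):
    """Constructed header-only sample: zero bytes stand in for salt and key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdfopts = s(bytes(16)) + struct.pack(">I", rounds)
    blob = (MAGIC + s(b"aes256-ctr") + s(b"bcrypt") + s(kdfopts) + struct.pack(">I", 1)
            + s(s(key_type) + s(bytes(32))) + s(bytes(64)))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for r in (16, 100):
        print(r, inspect_private_key(constructed_sample(r)))
```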
Levi Velázquez

Oh, nice to know it, thx a lot, going to update it.