Generate a secure SSH key

In Fedora, CentOS and probably many other Linux distros “ssh-keygen” still defaults to RSA 2048.
People have not yet realized that the newer, and also faster, elliptic curve cryptography is available; even between my peers I still see that many of them are using old and insecure RSA based keys.
Since SSH clients support multiple keys transitioning to newer keys can be painless:
1. create a new elliptic curve key;
2. do not delete the old RSA key;
3. once you login into a server swap the old key with the new one.
Generating a new secure SSH key is pretty simple, just open a terminal and run:

ssh-keygen -o -a 256 -t ed25519
look at the "About me" page.

Leave a Comment

Your email address will not be published. Required fields are marked *