In Fedora, CentOS and probably many other Linux distros
ssh-keygen; still defaults to RSA 2048.
People have not yet realized that the newer, and also faster, elliptic curve cryptography is available; even between my peers I still see that many of them are using old and insecure RSA based keys. Since SSH clients support multiple keys transitioning to newer keys can be painless:
- create a new elliptic curve key;
- do not delete the old RSA key;
- once you login into a server swap the old key with the new one.
Generating a new secure SSH key is pretty simple, just open a terminal and run:
ssh-keygen -o -a 256 -t ed25519