Best practice for generating SSH keys?

These seem to be the current best options, thoughts?

ssh-keygen -t ed25519 -o -a 100 # Higher security
ssh-keygen -t rsa -b 4096 -o -a 100 # Higher compatibility

Current ssh-keygen defaults for -t, -b and -a: -t rsa -b 3072 -a 100

-o isn’t in the man page; it ensures the private key is using the new OpenSSH format, though that’s probably for older versions of ssh-keygen, likewise with -a 100.

-a (better description): The number of KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private key be stolen.

Resources:

https://security.stackexchange.com/questions/143442/what-are-ssh-keygen-best-practices
https://stackoverflow.com/questions/2821736/whats-the-difference-between-id-rsa-pub-and-id-dsa-pub/27855045#27855045
https://stribika.github.io/2015/01/04/secure-secure-shell.html
https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

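One check the post above implies but does not show: whether an existing private key file actually uses the new OpenSSH format and the number of -a rounds you asked for. The Python below is an added example, not code from the thread; `inspect_private_key` parses the openssh-key-v1 header (cipher, KDF, rounds, key type) and flags legacy PEM files, while `build_sample_key` is a constructed stand-in for a real key file (read your own `~/.ssh/id_ed25519` instead to inspect it).

```python
"""Inspect an OpenSSH private key file: which container it uses and, for the
openssh-key-v1 format, its cipher, KDF and rounds (`ssh-keygen -a N`)."""
import base64
import os
import re
import struct

MAGIC = b"openssh-key-v1\x00"


def _read_string(buf, off):
    # One SSH wire 'string': uint32 big-endian length, then that many bytes.
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def inspect_private_key(text):
    """Return a dict describing how the private key file is protected."""
    m = re.search(r"-----BEGIN (.+?)-----\n(.*?)-----END", text, re.S)
    if not m:
        raise ValueError("not a PEM-armoured key file")
    label, body = m.group(1), m.group(2)
    if label != "OPENSSH PRIVATE KEY":
        # Legacy PEM container (what old ssh-keygen wrote without -o): passphrase
        # protection is a single MD5 derivation, so -a rounds never applied here.
        return {"format": "legacy-pem", "label": label,
                "encrypted": "Proc-Type: 4,ENCRYPTED" in body}
    blob = base64.b64decode("".join(body.split()))
    assert blob.startswith(MAGIC), "bad openssh-key-v1 magic"
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    pub, _ = _read_string(blob, off + 4)   # skip the uint32 key count
    key_type, _ = _read_string(pub, 0)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack(">I", kdfopts[o:o + 4])
    return {"format": "openssh-key-v1", "cipher": cipher.decode(),
            "kdf": kdf.decode(), "rounds": rounds, "key_type": key_type.decode()}


def build_sample_key(rounds):
    """Constructed sample: the header `ssh-keygen -t ed25519 -a <rounds>` writes,
    followed by random filler in place of real key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kdfopts = s(os.urandom(16)) + struct.pack(">I", rounds)
    pub = s(b"ssh-ed25519") + s(os.urandom(32))
    blob = (MAGIC + s(b"aes256-ctr") + s(b"bcrypt") + s(kdfopts)
            + struct.pack(">I", 1) + s(pub) + s(os.urandom(160)))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```

A key that comes back as `legacy-pem` is worth regenerating (or re-saving with `ssh-keygen -p -o`) regardless of its bit length, since -a rounds only protect the new container.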

I’m not a cryptography expert, but that checks out with every piece of wisdom I’ve seen online. That, and generating your keys on an air-gapped computer (which has always seemed like overkill to me).

I was a little concerned about the default for -b (bits) being 2048 for RSA instead of 4096 which implied ssh-keygen might similarly undervalue ed25519 without a -b but…

“For this key type, the -o option is implied and does not have to be provided. Also, a bit size is not needed, as it is always 256 bits for this key type.”
https://linux-audit.com/using-ed25519-openssh-keys-instead-of-dsa-rsa-ecdsa/

-o and -b don’t need to be there for ed25519