SSH Configuration

  1. RSA

    • RSA keys have been the default for many years and are supported by almost all SSH clients and servers. They are well-understood and trusted in various computing environments. Many systems default to RSA key lengths of 2048 or 3072 bits, though some users prefer 4096 bits for enhanced security.
      ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
      
  2. Ed25519

    • Ed25519 is increasingly popular due to its strong security features and efficiency. It uses elliptic curve cryptography to provide excellent security with shorter keys, resulting in faster performance and less data usage during authentication. Many modern systems and security guidelines now recommend Ed25519 as the preferred choice for new key generation.
      ssh-keygen -t ed25519 -C "your_email@example.com"
      
  3. ECDSA

    • ECDSA is another commonly used type, particularly because it also offers good security with shorter key lengths compared to RSA. It's often used where there's a need for a balance between compatibility and modern cryptographic practices. ECDSA keys using the NIST P-256 curve (nistp256) are particularly common.
      ssh-keygen -t ecdsa -b 256 -C "your_email@example.com"
      
  • Note: RSA and Ed25519 are generally the most recommended, with Ed25519 often preferred for new deployments due to its robustness and efficiency. RSA remains widely used due to its long history and broad support across older and legacy systems. For new systems or updates, transitioning to Ed25519 from RSA or ECDSA is a common recommendation for enhanced security and performance.
  1. Server Config

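    • Copy the public key (the contents of the .pub file) and append it to the authorized_keys file on the server. The .ssh directory must exist first.
      mkdir -p ~/.ssh && chmod 700 ~/.ssh
      echo "paste-your-public-key-here" >> ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys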
      
  2. Local Config

    • Create a file named config in the ~/.ssh folder (~/.ssh/config) with an entry for the server:
      Host "custom name"
      HostName "server hostname or IP (the part after @)"
      User "username"
      IdentityFile "path to the private key"
      
    • After configuration, use the following command to connect to the server:
      ssh "custom name"
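
Added example (not part of the original notes): a Python audit of an authorized_keys file, as populated in the Server Config step, that decodes each entry, checks that the label matches the key blob, and flags RSA keys below a size floor. MIN_RSA_BITS, the function names and the sample entries are assumptions constructed for illustration.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy floor; set this to your own standard
KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256")  # types generated above

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        out.append(blob[pos:pos + n])
        pos += n
    return out

def audit_line(line):
    """Return (key_type, bits, verdict) for one authorized_keys entry."""
    tokens = line.split()
    # Options such as no-pty may precede the key type, so search for it.
    idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(tokens):
        return (None, 0, "unrecognised")
    ktype = tokens[idx]
    try:
        fields = wire_fields(base64.b64decode(tokens[idx + 1], validate=True))
    except ValueError:  # bad base64 or a truncated blob
        return (ktype, 0, "corrupt")
    if not fields or fields[0] != ktype.encode():
        return (ktype, 0, "type mismatch")  # label and blob disagree
    if ktype != "ssh-rsa":
        return (ktype, 256, "ok")  # Ed25519 and nistp256 keys are fixed-size
    if len(fields) < 3:
        return (ktype, 0, "corrupt")
    bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
    return (ktype, bits, "ok" if bits >= MIN_RSA_BITS else "weak")

def audit(text):  # skips blank lines and comments
    return [audit_line(l) for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]

def pack(*parts):  # encode fields as a constructed wire-format blob
    return base64.b64encode(b"".join(len(p).to_bytes(4, "big") + p for p in parts)).decode()
def rsa_entry(bits):  # constructed modulus of the requested size, not a real key
    n = (1 << (bits - 1)) | 1
    return "ssh-rsa " + pack(b"ssh-rsa", b"\x01\x00\x01", n.to_bytes(bits // 8 + 1, "big"))
# Constructed sample entries for demonstration only.
SAMPLE = "\n".join([rsa_entry(1024) + " old@example.com", rsa_entry(4096) + " new@example.com",
                    "no-pty ssh-ed25519 " + pack(b"ssh-ed25519", bytes(32)) + " me@example.com"])
```

To audit a real file, pass its contents to audit(), for example audit(open(path).read()).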