Skesov.com

Creating Secure SSH Keys: Ed25519 Instead of RSA

Traditional RSA keys (especially 2048-bit ones) are now considered insufficiently secure or too cumbersome. The modern security standard is the Ed25519 algorithm.

Why Ed25519?

  1. Security: Higher security than RSA 4096 with a much shorter key length.
  2. Speed: Key generation and signature verification are significantly faster.
  3. Compactness: An Ed25519 public key is only 68 characters long in the base64 form stored in the .pub file.

How to Generate a Key

Open a terminal on your computer (macOS, Linux, or Windows PowerShell) and run the following command:

    ssh-keygen -t ed25519 -C "your_email@example.com"

Parameter Breakdown:

  • -t ed25519: Specifies the algorithm type.
  • -C "...": Adds a text comment (usually your email) to help you identify the key in lists of authorized keys.

Creation Process

  1. The system will ask for a location to save the key. Press Enter to use the default (~/.ssh/id_ed25519).
  2. Enter a passphrase. This is highly recommended: even if your key file is stolen, an attacker cannot use it without the passphrase.

Using the Key

Adding to a Server

Use the ssh-copy-id utility:

    ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server_ip

Viewing the Public Key

To add the key to GitHub, GitLab, or Bitbucket, copy its content:

    cat ~/.ssh/id_ed25519.pub

Conclusion

If you are still using RSA, now is the time to regenerate your keys. Switching to Ed25519 is not only more secure but also avoids issues with newer OpenSSH versions, where older RSA types are disabled by default.
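
To find which entries still need replacing, the following added example (not part of the original article) parses public-key lines in the format printed by the cat command above and lists every entry that is not Ed25519, with the RSA modulus size. The function names and sample data are hypothetical, and it assumes each line is "<type> <base64> [comment]" with no options prefix.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 string: 4-byte big-endian length, then the bytes."""
    n = int.from_bytes(buf[off:off + 4], "big")
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_pubkey(line):
    """Return (key_type, bits, comment) for a '<type> <base64> [comment]' line."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, comment = fields[0], (fields[2].strip() if len(fields) > 2 else "")
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = _read_string(blob, 0)
    if inner != declared.encode():
        raise ValueError("type label does not match key blob")
    if declared == "ssh-ed25519":
        key, off = _read_string(blob, off)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return declared, 256, comment
    if declared == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, off = _read_string(blob, off)    # modulus; its size is the key size
        return declared, int.from_bytes(n, "big").bit_length(), comment
    return declared, None, comment          # other types: size not decoded here

def audit(text):
    """List (line_no, key_type, bits, comment) for every entry that is not Ed25519."""
    findings = []
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            ktype, bits, comment = inspect_pubkey(line)
            if ktype != "ssh-ed25519":
                findings.append((num, ktype, bits, comment))
    return findings

# Constructed sample data: placeholder bytes in key-shaped blobs, not real keys.
def _wire(*parts):
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

SAMPLE_ED = "ssh-ed25519 " + _wire(b"ssh-ed25519", bytes(range(32))) + " your_email@example.com"
SAMPLE_RSA = "ssh-rsa " + _wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256) + " old-laptop"
SAMPLE_FILE = "# constructed authorized_keys\n" + SAMPLE_ED + "\n" + SAMPLE_RSA + "\n"
```

Calling audit() on the text of a real authorized_keys file returns one tuple per entry to regenerate; the comment field set with -C is what identifies whose key it is.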