1,885
edits
Changes
→Creating a Public/Private Key Pair
# Enter this command: <code>ssh-keygen -t ed25519</code>
#* Answer the questions asked by ssh-keygen. Use default values for most questions. The use of a passphrase is '''strongly''' recommended. Avoid changing the filename from the default (unless there is a really good reason), because the location, name, and permission of keys is critical.'''DO NOT FORGET YOUR PASSPHRASE!'''
#* ssh-keygen will produce two files; the name will be the same but the location will vary according to the operating system in use:
#** <code>~/.ssh/id_ed25519</code> - your private key- do not let anyone else have this file#** <code>~/.ssh/id_ed25519.pub</code> - your public key- this file can be freely shared with anyone#* The permissions on these files matter! Take this in to account if you move these files or copy them between systems:#** <code>~/.ssh</code> directory must have permission 0700 (rwx------)#** <code>~/.ssh/id_ed25519</code> must have permission 0600 (rw-------)#** <code>~/.ssh/id_ed25519.pub</code> should have permission 0644 (rw-r--r--)
{{Admon/tip|Key Type and Length|ssh-keygen can generate multiple types of keys, including rsa, dsa, ecdsa, and ed25519. Any of these types serves the same purpose, and rsa/dsa can be generated with varying key lengths. The longer the key, the more difficult it is to break the key by guessing it (trying successive values until the right key is found) - each bit added to the key doubles the number of possible key values. Key lengths of 1024-4096 bits are considered reasonably secure; as computers become faster, key lengths should be increased. Better yet, use the ed25519 eliptic curve option, which is considered the most secure format supported by the current OpenSSH implementation (8.4 as of the time of writing).}}
