Generate an SSH key pair

Best

ed25519:

ssh-keygen -t ed25519 -C "${USERNAME}@$(hostname -f)_$(uname -s | tr '[:upper:]' '[:lower:]')"

-C sets an optional comment, which helps you keep track of your keys. If you make a mistake, the comment can be changed with -c after the key is generated.

You will be asked where to save the file and what to call it. It might make sense to have a better naming convention than the standard if you’re using multiple keys.

The second question will be the passphrase. Please enter a good passphrase and, if need be, save it in your password manager. Do not skip this step.

Two files will be created once that is done:

  • id_ed25519 - This is your private key file, never share that one.
  • id_ed25519.pub - This is your public key and can be shared.

You can copy the public key to your remote host, if password access is permitted:

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@host

And with that you should be good to go.

Others

ECDSA, a good fallback if ed25519 is not supported yet:

ssh-keygen -t ecdsa -b 521 -C "${USERNAME}@$(hostname -f)_$(uname -s)"

If you really need RSA for some reason:

ssh-keygen -t rsa -b 4096 -C "${USERNAME}@$(hostname -f)_$(uname -s)"

Do not use DSA keys.
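To check existing keys against the advice above (key type, RSA size, and the passphrase step), here is an added example that is not part of the original page. The function names and the MIN_RSA_BITS threshold are assumptions made for illustration; the sample lines in the comments are constructed.

```sh
#!/bin/sh
# Added example, not from the original page: audit the key pairs in a directory.
# Usage: . ./audit.sh && audit_dir ~/.ssh
MIN_RSA_BITS="${MIN_RSA_BITS:-4096}"  # assumption: mirrors the -b 4096 used above

# classify_key LINE: LINE is one line printed by `ssh-keygen -l -f FILE`,
# e.g. "256 SHA256:... user@host (ED25519)" (constructed sample).
# Prints ok, fallback, weak, reject or unknown.
classify_key() {
  bits=${1%% *}          # first field: key size in bits
  ktype=${1##*\(}        # text after the last "(" ...
  ktype=${ktype%\)}      # ... without the closing ")"
  case "$ktype" in
    ED25519) echo ok ;;
    ECDSA)   echo fallback ;;
    RSA)     if [ "$bits" -ge "$MIN_RSA_BITS" ]; then echo fallback; else echo weak; fi ;;
    DSA)     echo reject ;;
    *)       echo unknown ;;
  esac
}

# has_empty_passphrase FILE: succeeds when the private key loads with an
# empty passphrase, meaning it is stored unencrypted on disk.
has_empty_passphrase() {
  ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1 </dev/null
}

# audit_dir DIR: one report line per public key, plus a "no-pass" line for
# every matching private key that has no passphrase. DIR defaults to ~/.ssh.
audit_dir() {
  dir=${1:-"$HOME/.ssh"}
  for pub in "$dir"/*.pub; do
    [ -f "$pub" ] || continue
    line=$(ssh-keygen -l -f "$pub" 2>/dev/null) || continue
    printf '%-8s %s\n' "$(classify_key "$line")" "$pub"
    priv=${pub%.pub}
    if [ -f "$priv" ] && has_empty_passphrase "$priv"; then
      printf '%-8s %s\n' "no-pass" "$priv"
    fi
  done
}
```

ssh-keygen refuses to load a private key whose file permissions are too open, so such a key is not reported as no-pass even if it is unencrypted.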

Bonus

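Create a shell function to load your key with one command. It can be added to your ~/.aliases:

load () {
  # Start an agent and export its environment variables into this shell
  eval "$(ssh-agent -s)"
  # Add the key; you will be prompted for its passphrase
  ssh-add "${HOME}"/.ssh/id_ed25519
}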

You can also use ssh-keygen to remove all keys belonging to a hostname from a known_hosts file:

ssh-keygen -R "$HOSTNAME"

A lot more options are available, please refer to SSH-KEYGEN(1) with man ssh-keygen or ssh-keygen --help.


Make sure to always keep your Operating System(s) and all of the software that you are using up to date.
