Whether you are a developer or an administrator, you surely use SSH keys to authenticate to different systems. Key-based authentication is much more secure than pure password authentication.
I recently discovered that many people still use their old DSA or RSA keys. The key pairs were generated years ago and have not been updated since. Keep in mind, though, that security algorithms have changed, and you would do well to update your keys.
Currently, the following algorithms are in circulation:
I don't want to go into the depths of the encryption, because most of you probably don't care. Nevertheless, ed25519 has some advantages:
Many of you are now wondering if you can update existing DSA/RSA keys. The answer is quite simple: No. But that's not a problem.
Your system can manage and use multiple SSH keys. When I switched to ed25519 more than 3 years ago, I did it step by step. I kept my RSA key for the time being, generated a new ed25519 key, and used it from then on. I replaced the old RSA key bit by bit on the systems.
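To track a step-by-step migration like this, it helps to list which entries in an authorized_keys file are still DSA or RSA. The following is an added example, not part of the original post; the function name audit_keys and the sample entries are assumptions constructed for illustration, and it classifies by key type only (it does not check RSA key length).

```shell
#!/bin/sh
# Added example: inventory key types in an authorized_keys-style file.
# Reads the file named in $1, or standard input when no file is given.
# Output: line number, status, key type, first word of the comment (tab separated).
# Exit status is 1 when at least one DSA or RSA entry remains, 0 otherwise.
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        type = ""
        # Options such as from="..." or command="..." may precede the key
        # type, so scan for the first field that looks like a key algorithm.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/) {
                type = $i
                break
            }
        if (type == "") { printf "%d\tunparsed\t-\t-\n", NR; next }
        comment = (i + 2 <= NF) ? $(i + 2) : "-"
        status = "other"
        if (type == "ssh-ed25519") status = "ok"
        if (type == "ssh-dss" || type == "ssh-rsa") { status = "legacy"; legacy++ }
        printf "%d\t%s\t%s\t%s\n", NR, status, type, comment
    }
    END { exit (legacy > 0) }
    ' "${1:--}"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample='# deploy keys
ssh-rsa AAAAPLACEHOLDER1 alice@old-laptop
from="10.0.0.0/8",command="/usr/bin/backup run" ssh-dss AAAAPLACEHOLDER2 backup@cron
ssh-ed25519 AAAAPLACEHOLDER3 alice@new-laptop'

printf '%s\n' "$sample" | audit_keys || echo "legacy DSA/RSA entries remain"
```

On a real system, pass the file path instead, for example `audit_keys ~/.ssh/authorized_keys`.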
Open your terminal and generate a new key pair with the following command.
$ ssh-keygen -t ed25519 -C "firstname.lastname@example.org"
-t specifies the type of the key, in our case ed25519
-C is just a comment; basically, your email address is used, but you can use anything you want
If you want to know which parameters are still available, you can consult the documentation. Interesting parameters may be
-f. That's it.
You can find your new key at
~/.ssh/id_ed25519 and your public key at
Personally, I only adjusted my SSH configuration (macOS).
Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_rsa
  IdentityFile ~/.ssh/id_dsa
  IdentityFile ~/.ssh/id_ed25519
You can add as many IdentityFile entries as you want.
If you used a passphrase for your key pair when creating it, you have to make your keys known to the SSH agent. Make sure the SSH agent is running:
$ eval "$(ssh-agent -s)"
Then you can add your keys with
$ ssh-add -K ~/.ssh/id_ed25519
-K only applies to macOS devices. If an error occurs, simply omit this option.
What about you? Do you already use ed25519? Let me know.