Here are some examples of how you can manage your SSH Keys.
The possible algorithms you can use to generate SSH keys are:
- dsa
- ecdsa
- ecdsa-sk
- ed25519
- ed25519-sk
- rsa
Let's see how to generate SSH keys.
RSA is the best bet if you can't use Ed25519. Use a key at least 3072 bits long.
Generating SSH keys is as simple as the command below:
ssh-keygen -t rsa
In public-key cryptography, the Edwards-curve Digital Signature Algorithm is a digital signature scheme using a variant of the Schnorr signature based on twisted Edwards curves. It is designed to be faster than existing digital signature schemes without sacrificing security.
Ed25519 is probably the strongest mathematically (and also the fastest), but not yet widely supported. At least 256 bits long.
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
Read more about why you must generate SSH keys with the ed25519 algorithm at Upgrade Your SSH Key to Ed25519.
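As an added example (not part of the original page), the script below checks existing public keys against the recommendations above: Ed25519 passes, RSA passes only at 3072 bits or more, and any other type is marked for review. The function names and the sample fingerprint lines are constructed for this illustration; the parsing assumes the one-line format printed by `ssh-keygen -l -f`.

```shell
#!/bin/sh
# Added example. `ssh-keygen -l -f key.pub` prints one line per key:
#   <bits> <fingerprint> <comment ...> (<TYPE>)
# classify_key_line prints "<verdict> <TYPE> <bits>" for such a line.
classify_key_line() {
    line=$1
    case $line in
        *"("*")") ;;                          # must end in "(TYPE)"
        *) echo "error unparsable"; return 1 ;;
    esac
    bits=${line%% *}                          # first field: size in bits
    ktype=${line##*\(}                        # text after the last "("
    ktype=${ktype%\)}                         # drop the closing ")"
    case $bits in
        ''|*[!0-9]*) echo "error unparsable"; return 1 ;;
    esac
    case $ktype in
        ED25519|ED25519-SK) verdict=ok ;;
        RSA) if [ "$bits" -ge 3072 ]; then verdict=ok; else verdict=weak; fi ;;
        *) verdict=review ;;                  # dsa, ecdsa, ecdsa-sk
    esac
    echo "$verdict $ktype $bits"
}

# Check every public key in a directory (default: ~/.ssh).
audit_keys() {
    dir=${1:-$HOME/.ssh}
    for pub in "$dir"/*.pub; do
        [ -f "$pub" ] || continue
        if line=$(ssh-keygen -l -f "$pub" 2>/dev/null); then
            printf '%s\t%s\n' "$pub" "$(classify_key_line "$line")"
        else
            printf '%s\tunreadable\n' "$pub"
        fi
    done
}

# Constructed sample lines; the fingerprints are placeholders, not real keys.
while IFS= read -r sample; do
    classify_key_line "$sample"
done <<'EOF'
256 SHA256:PLACEHOLDER john@example.com (ED25519)
3072 SHA256:PLACEHOLDER no comment (RSA)
2048 SHA256:PLACEHOLDER old laptop (RSA)
1024 SHA256:PLACEHOLDER legacy (DSA)
EOF
```

Call `audit_keys` with no argument to check `~/.ssh`, or pass another directory that holds `.pub` files.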
ssh-agent is a key manager for SSH. It holds your keys and certificates in memory, unencrypted, and ready for use by ssh.
It saves you from typing a passphrase every time you connect to a server. It runs in the background on your system, separately from ssh, and it usually starts up the first time you run ssh after a reboot.
ssh-add tiagosampaio-ed25519
Removing a key from the agent requires the public key, so first extract the public key and then remove it from the agent.
ssh-keygen -y -f tiagosampaio-ed25519 > tiagosampaio-ed25519.pub
ssh-add -d tiagosampaio-ed25519.pub
Some applications, like DBeaver, only work with PEM-format keys:
ssh-keygen -t rsa -b 2048 -m PEM
ssh-keygen -p -m PEM -f ~/.ssh/id_rsa