forked from tilde.black/docs
described switches
This commit is contained in:
James Tomasino
parent
7375253ba8
commit
3c4a64184e
|
|
@ -7,26 +7,37 @@ lower, you may be in danger.
|
|||
|
||||
Let's review the common options:
|
||||
|
||||
- DSA: No longer supported and unsafe.
|
||||
|
||||
- RSA: Key bit lengths greater than 3072 are still safe, but get lengthy. 1024
|
||||
keys are officially "unsafe". The clock is ticking on RSA of any key length as
|
||||
it has no protection from quantum computing.
|
||||
|
||||
ECDSA: The cryptographic safety of these keys depend on your specific hardware,
|
||||
and older/weaker machines may have insufficient entropy. The mathematics in use
|
||||
are not completely trusted by the security community.
|
||||
|
||||
Ed25519: An EdDSA implementation using the [Twisted Edwards
|
||||
curve](https://en.wikipedia.org/wiki/Twisted_Edwards_curve)! These keys are
|
||||
strong, have protection from quantum techniques, and generate a tiny public key
|
||||
that's only 68 characters long. They can be generated quickly en mass.
|
||||
- **DSA:** No longer supported and unsafe.
|
||||
- **RSA:** Key bit lengths greater than 3072 are still safe, but get lengthy.
|
||||
1024 keys are officially unsafe. The clock is ticking on RSA of any key
|
||||
length as it has no protection from quantum computing.
|
||||
- **ECDSA:** The cryptographic safety of these keys depend on your specific
|
||||
hardware, and older/weaker machines may have insufficient entropy. The
|
||||
mathematics in use are not completely trusted by the security community.
|
||||
- **Ed25519:** An EdDSA implementation using the [Twisted Edwards
|
||||
curve](https://en.wikipedia.org/wiki/Twisted_Edwards_curve)! These keys are
|
||||
strong, have protection from quantum techniques, and generate a tiny public
|
||||
key that's only 68 characters long. They can be generated quickly en mass.
|
||||
|
||||
Ed25519 is the best recommendation in 2019.
|
||||
|
||||
## Generate an ed25519 key
|
||||
## Generate an Ed25519 key
|
||||
|
||||
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519
|
||||
ssh-keygen -a 100 -t ed25519 -f ~/.ssh/id_ed25519
|
||||
|
||||
Switches:
|
||||
|
||||
- **-a:** [Key Derivation
|
||||
Function](https://en.wikipedia.org/wiki/Key_derivation_function) rounds.
|
||||
Higher numbers result in slower passphrase verification, increasing the
|
||||
resistance to brute-force password cracking should the private-key be stolen.
|
||||
- **-t:** Specifies the type of key to create, in our case the Ed25519.
|
||||
- **-f:** Specify the filename of the generated key file. If you want it to be
|
||||
discovered automatically by the SSH agent, it must be stored in the default
|
||||
`.ssh` directory within your home directory. There are other strategies for
|
||||
organizing specific machine keys not covered in this guide.
|
||||
|
||||
When asked to enter a passphrase, do so. An ssh key without a passphrase is
|
||||
completely vulnerable if stolen.
|
||||
|
||||
_[In progress]_
|
||||
|
|
|
|||
Loading…
Reference in New Issue