  • 1
    Another good thing to remember is that you can keep your RSA keys around until you migrate all your host systems to your new ed25519 public key. Put both in the agent, and the client/host will negotiate the best supported. Commented Jan 22, 2018 at 21:43
  • 2
    @juanmah – Yes, that's why I linked the Ed25519 adoption page and offered RSA 4096 as an alternative. That page points to Cyberduck for implementing Ed25519 on Azure (though that's presumably for Windows, not Linux). I'd assume you could upgrade OpenSSH on the Linux VM; the newer the better, but Ed25519 requires OpenSSH 6.5+. If you want a lightweight server, consider installing pts-dropbear. Commented Mar 5, 2018 at 15:20
  • 5
    As of 7.8 about a month ago (see the first bullet), ssh-keygen writes 'new' format automatically, and if you want legacy format (for other than ed25519) you use -m PEM. Commented Oct 2, 2018 at 1:00
  • 4
    @BasilBourque – It will prompt you for a passphrase. If you provide a passphrase on the command line like -N "secret pass phrase e>Q9= octet" then it's visible to other users on the system (e.g. ps auxww |grep keygen) and it is saved in your command history, so it's best to enter interactively. Commented Jul 9, 2019 at 13:42
  • 5
    @JoãoPortela – I believe it is still current. As updated recently, OpenSSH now defaults to ed25519, so if you're on a recent version, this advice simply adds iteration rounds to protect the key's password (the default is currently 16). Commented Mar 13, 2023 at 14:24
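
Added example, not part of any comment above and not OpenSSH's own code: a read-only check that tells a 'new' format private key from a legacy one and reports whether it is passphrase-protected and with how many bcrypt rounds (the value `ssh-keygen -a` sets, default 16 per the last comment). The function names are hypothetical, the header layout follows OpenSSH's PROTOCOL.key document, and the sample headers are constructed for the demonstration and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"          # magic bytes of the 'new' private key format
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"


def _string(buf, off):
    """Read one SSH 'string' (uint32 big-endian length + bytes) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end


def inspect_private_key(text):
    """Report format, encryption and bcrypt rounds without decrypting anything."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines or lines[0] != BEGIN:   # e.g. a key written with ssh-keygen -m PEM
        return {"format": "legacy-or-unknown", "encrypted": None, "rounds": None}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    opts, off = _string(blob, off)
    rounds = None
    if kdf == b"bcrypt":                 # kdfoptions = string salt, uint32 rounds
        _salt, o = _string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, o)
    return {"format": "openssh-key-v1", "encrypted": cipher != b"none", "rounds": rounds}


def constructed_header(rounds=None):
    """CONSTRUCTED sample: header fields only, zero keys, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    if rounds is None:                   # unencrypted key: cipher and KDF are "none"
        body = s(b"none") + s(b"none") + s(b"")
    else:                                # 16-byte all-zero salt is a placeholder
        opts = s(b"\x00" * 16) + struct.pack(">I", rounds)
        body = s(b"aes256-ctr") + s(b"bcrypt") + s(opts)
    b64 = base64.b64encode(MAGIC + body + struct.pack(">I", 0)).decode()
    return "\n".join([BEGIN, b64, END])


if __name__ == "__main__":
    for sample in (constructed_header(16), constructed_header(100), constructed_header()):
        print(inspect_private_key(sample))
```

Passing the text of a real key file to `inspect_private_key` shows at a glance which keys have no passphrase and which still use the default round count.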