Quick Note on SSH Key Best Practices

Hey there, this is just a little reminder for myself about generating SSH keys using ssh-keygen. If it helps you too, that’s awesome! 🛡️

Key Types and Security

Ed25519 over RSA: I’ve found that Ed25519 offers a nice balance of strong security and much shorter key lengths.
```
ssh-keygen -t ed25519 -a 100
```
Fallback to RSA: On older systems, Ed25519 isn’t always supported. If needed, I use RSA with a key length of 4096 bits.
```
ssh-keygen -t rsa -b 4096 -a 100
```

Naming keys can get tricky, especially with multiple keys. Here’s what’s been working for me:

It’s a good habit to use separate SSH keys per device. Here’s why:

Security Isolation: If one device is compromised, only the key from that device is at risk. You won’t have to replace keys on all your devices, just the affected one.
Easy Revocation: If you lose a device or it gets stolen, you can easily revoke access for that specific key without disrupting your workflow on other devices.
Auditing and Logging: Different keys for different devices make it simpler to track activities. If there’s any unauthorized access, logs will show which device’s key was used, helping pinpoint potential security issues.

-C Option for Comments: I find it useful to add a comment when generating the key. It serves as a little reminder of where and why I created it.
```
ssh-keygen -t ed25519 -a 100 -C "guillaume@laptop.example.com 202307"
```
Keep Private Keys Safe: Remember, always keep those private keys secure. Use strong passphrases and check permissions!

When I need to generate a new key, this is the command I run:

ssh-keygen -t ed25519 -a 100 -C "guillaume@laptop.example.com 202307"

And, when prompted, I save it as:

$HOME/.ssh/laptop_ed25519_202307

That’s it for now. Just a note for future me. If you’re reading this, hope you found it helpful too!

linux workstation linux server ssh