Creating a safe ssh key with the ed25519 algorithm

June 22, 2023

Don't use RSA or ECDSA, not anymore.

Use ed25519; it's simple, shorter, and more secure!

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/gutocarvalho_ed25519 -C "gutocarvalho@bolha.us"

add to your agent to use easily

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/gutocarvalho_ed25519

ED25519?

Ed25519 is a public-key signature algorithm that was proposed by Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang in their paper High-speed high-security signatures (doi.org/10.1007/s13389-012-0027-1) in 2011. More precisely, Ed25519 is an instance of the Edwards-curve Digital Signature Algorithm (EdDSA), where a twisted Edwards curve birationally equivalent to the curve called Curve25519 is used. Curve25599 is a very fast elliptic-curve-Diffie-Hellmann function that was proposed by Daniel J. Bernstein in his paper Curve25519: new Diffie-Hellman speed records in 2006.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/

Why?

There are several aspects that make Ed25519 appealing for authentication in SSH:

Ed25519 is considered to be secure (similar difficulty to breaking a ~3000-bit RSA key).
Creating a new signature with Ed25519 does not require a random input. This is very desirable from a security perspective (see the Playstation3 hack above...).
Ed25519 is resilient to hash-function collisions. This is good because it provides some additional protection in case the selected hash function contained some weakness.
Ed25519 is immune to cache-timing attacks, hyperthreading attacks, and other side-channel attacks that rely on leakage of addresses through the CPU cache. This is also very desirable from a security perspective.
Ed25519 does not use secret branch conditions, i.e., it is immune to side-channel attacks that rely on leakage of information through the branch-prediction unit.

Text from: https://blog.peterruppel.de/ed25519-for-ssh/