Upgrade your SSH keys from RSA to ED25519

ssh-rsa is the most common public/private key type, but is widely considered insecure with key lengths lower than 2048 bits. If you created your SSH key using ssh-keygen with default options a while ago, chances are you're using an unsafe key. Furthermore, support for RSA host keys (keys that identify the server you're trying to connect to) is disabled by default since OpenSSH 8.8 and they may consider disabling the algorithm altogether in the future.

But don't worry! Just create a new key for yourself using the most recommended key type available today: ED25519.

ssh-keygen -t ED25519 -a 100 -C "myemail@email.com"

Just make sure you got OpenSSH 6.5 or greater on both ends. Don't forget to install your new key and remove the old one!

Learned by kevin-perez on Mar 4, 2022

Discover our latest blog posts