• caglararli@hotmail.com
  • 05386281520

What are ssh-keygen best practices?

Çağlar Arlı      -    48 Views

What are ssh-keygen best practices?

Most users would simply type ssh-keygen and accept what they're given by default.

But what are the best practices for generating ssh keys with ssh-keygen?

For example:

  • Use -o for the OpenSSH key format rather than the older PEM format (OpenSSH 6.5 introduced this feature years ago on 2014-01-30)

  • How should one calculate how many rounds of KDF to use with -a?

  • Should -T be used to test the candidate primes for safety? What -a value to use with this?

  • For the different key types, what are the recommended minimum -b bit sizes?

  • etc... (there are a mind-boggling set of options in the manual page).