24Kas
What are ssh-keygen best practices?
Most users would simply type ssh-keygen
and accept what they're given by default.
But what are the best practices for generating ssh
keys with ssh-keygen
?
For example:
Use
-o
for the OpenSSH key format rather than the older PEM format (OpenSSH 6.5 introduced this feature years ago on 2014-01-30)How should one calculate how many rounds of KDF to use with
-a
?Should
-T
be used to test the candidate primes for safety? What-a
value to use with this?For the different key types, what are the recommended minimum
-b
bit sizes?etc... (there are a mind-boggling set of options in the manual page).