From 079c229d5195af46f9d504d7da44d72f4aab7ed0 Mon Sep 17 00:00:00 2001 From: timball Date: Tue, 3 Nov 2020 06:23:04 -0500 Subject: [PATCH] use ed25519 keys instead of rsa keys (#362) * use ed25519 keys instead of rsa keys RSA keys are outdated. Even by using larger 4096 keys maybe it's best to move away from rsa keys altogether. This PR updates the document to suggest using ed25519 keys which, at this time, defaults to a 16 round key deviation function. It may be useful to suggest more rounds for the KDF but that's for a different PR. --timball * Add RSA fallback and change id_rsa to id_ed25519 Co-authored-by: hubwriter <54933897+hubwriter@users.noreply.github.com> Co-authored-by: hubwriter --- ...-ssh-key-and-adding-it-to-the-ssh-agent.md | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md b/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md index b17745585b5e..bb0910cc2b0e 100644 --- a/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md +++ b/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md 
@@ -20,18 +20,26 @@ If you don't want to reenter your passphrase every time you use your SSH key, yo {% data reusables.command_line.open_the_multi_os_terminal %} 2. Paste the text below, substituting in your {% data variables.product.product_name %} email address. ```shell - $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + $ ssh-keygen -t ed25519 -C "your_email@example.com" ``` + {% note %} + + **Note:** If you are using a legacy system that doesn't support the Ed25519 algorithm, use: + ```shell + $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com" + ``` + + {% endnote %} This creates a new ssh key, using the provided email as a label. ```shell - > Generating public/private rsa key pair. + > Generating public/private ed25519 key pair. ``` 3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location. {% mac %} ```shell - > Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter] + > Enter a file in which to save the key (/Users/you/.ssh/id_ed25519): [Press enter] ``` {% endmac %} @@ -39,7 +47,7 @@ If you don't want to reenter your passphrase every time you use your SSH key, yo {% windows %} ```shell - > Enter a file in which to save the key (/c/Users/you/.ssh/id_rsa):[Press enter] + > Enter a file in which to save the key (/c/Users/you/.ssh/id_ed25519):[Press enter] ``` {% endwindows %} @@ -47,7 +55,7 @@ If you don't want to reenter your passphrase every time you use your SSH key, yo {% linux %} ```shell - > Enter a file in which to save the key (/home/you/.ssh/id_rsa): [Press enter] + > Enter a file in which to save the key (/home/you/.ssh/id_ed25519): [Press enter] ``` {% endlinux %} 
@@ -81,18 +89,18 @@ Before adding a new SSH key to the ssh-agent to manage your keys, you should hav $ touch ~/.ssh/config ``` - * Open your `~/.ssh/config` file, then modify the file, replacing ` ~/.ssh/id_rsa` if you are not using the default location and name for your `id_rsa` key. + * Open your `~/.ssh/config` file, then modify the file, replacing ` ~/.ssh/id_ed25519` if you are not using the default location and name for your `id_ed25519` key. ``` Host * AddKeysToAgent yes UseKeychain yes - IdentityFile ~/.ssh/id_rsa + IdentityFile ~/.ssh/id_ed25519 ``` 3. Add your SSH private key to the ssh-agent and store your passphrase in the keychain. {% data reusables.ssh.add-ssh-key-to-ssh-agent %} ```shell - $ ssh-add -K ~/.ssh/id_rsa + $ ssh-add -K ~/.ssh/id_ed25519 ``` {% note %}
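Review bot: In the `@@ -20,18 +20,26 @@` hunk, the new `{% note %}` block lands between the `ssh-keygen -t ed25519` command and the sentence "This creates a new ssh key, using the provided email as a label.", so that sentence now reads as a follow-up to the RSA fallback rather than to the main command. Consider moving the note below the `> Generating public/private ed25519 key pair.` block. A reader who takes the fallback will see `rsa` in that output and `id_rsa` in the step 3 prompt, while every sample in this hunk now shows `ed25519` and `id_ed25519`. One sentence in the note saying that the output and default file name will differ would cover this.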
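Review bot: In the `@@ -39,7 +47,7 @@` hunk, the Windows prompt line `(/c/Users/you/.ssh/id_ed25519):[Press enter]` has no space before `[Press enter]`, unlike the mac and linux lines changed in the same patch. The missing space is carried over from the old `id_rsa` line, but since the line is being rewritten anyway, this is a good place to make the three platform samples consistent.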
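Review bot: In the `@@ -81,18 +89,18 @@` hunk, `IdentityFile ~/.ssh/id_ed25519` and `ssh-add -K ~/.ssh/id_ed25519` assume the Ed25519 key, but the first hunk of this patch introduces an RSA fallback whose default file is `id_rsa`. The bullet only tells readers to replace the path "if you are not using the default location and name for your `id_ed25519` key", which does not obviously apply to someone who accepted the default RSA name. Suggest wording the bullet and the `ssh-add` step so they cover the fallback key as well. Separately, the inline code in that bullet keeps a stray leading space inside the backticks (before `~/.ssh/id_ed25519`), inherited from the old line, which can be dropped while the line is being touched.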