Options I Use with ssh-keygen When Creating SSH Public and Private Keys
I’ll introduce the options I use with the ssh-keygen command when creating SSH public and private keys.
$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/example.com -C [email protected]
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/yourname/.ssh/example.com.
Your public key has been saved in /Users/yourname/.ssh/example.com.pub.
The key fingerprint is:
SHA256:bDiAA/Rpt24cM3nlrCJBrWwsYQvass4z623oDowPIMA [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|o. |
|....o |
|oEo=.o . |
|=.B.o.oo+ |
|=o.* *o.So |
|=oo + =o. |
|=... = . |
|+*..o . |
|+B*. |
+----[SHA256]-----+
-t Specify key type (rsa/dsa) -b Specify key length -f Specify output file -C Add a new comment
$ ssh-keygen -l -f ~/.ssh/example.com
4096 SHA256:bDiAA/Rpt24cM3nlrCJBrWwsYQvass4z623oDowPIMA [email protected] (RSA)
-l Check public key information (type, fingerprint, comment, etc.)
In my personal judgment, 2048-bit RSA keys should be able to fight until 2030, so I think that's fine for the time being.
Since there’s this opinion, I’m satisfied with this approach.
That’s all from the Gemba.