I’ll introduce the options I use with the ssh-keygen command when creating SSH public and private keys.

$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/example.com -C [email protected]
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/yourname/.ssh/example.com.
Your public key has been saved in /Users/yourname/.ssh/example.com.pub.
The key fingerprint is:
SHA256:bDiAA/Rpt24cM3nlrCJBrWwsYQvass4z623oDowPIMA [email protected]
The key's randomart image is:
+---[RSA 4096]----+
|o.               |
|....o            |
|oEo=.o   .       |
|=.B.o.oo+        |
|=o.* *o.So       |
|=oo + =o.        |
|=... = .         |
|+*..o .          |
|+B*.             |
+----[SHA256]-----+

-t Specify key type (rsa/dsa) -b Specify key length -f Specify output file -C Add a new comment

$ ssh-keygen -l -f ~/.ssh/example.com
4096 SHA256:bDiAA/Rpt24cM3nlrCJBrWwsYQvass4z623oDowPIMA [email protected] (RSA)

-l Check public key information (type, fingerprint, comment, etc.)

In my personal judgment, 2048-bit RSA keys should be able to fight until 2030, so I think that's fine for the time being.

• [Source]: I Investigated 60,000 SSH Keys of GitHub Users - hnw's Diary (GitHubユーザーのSSH鍵6万個を調べてみた - hnwの日記)

Since there’s this opinion, I’m satisfied with this approach.

Reference Information

• SSH-KEYGEN (1)
• You're Creating SSH Keys Wrong - Qiita (お前らのSSH Keysの作り方は間違っている - Qiita)
• Connecting to GitHub with SSH - User Documentation

That’s all from the Gemba.