SSH
Secure Shell and its variants
ssh-keygen
NSA recommends an RSA key length of 3072 bits or longer.
-t : algorithm (rsa, dsa, ecdsa)
-b : key size in bits
-f : filename where the key will be stored (normally, it prompts you)
DSA: This encryption is considered insecure, since it is vulnerable in the face of current computer technology. It has not been used since OpenSSH 7.
ED25519: This is the most secure encryption option nowadays, as it has a very strong mathematical algorithm.
ECDSA: The use of this encryption is advised against by the non-regulatory government agency of the US Government Technology Administration (NIST). This encryption is known to have a backdoor installed by the National Security Agency (NSA).
RSA: This type of encryption is widely used, and its security depends on the number of bits in the key. Today, 3072- or 4096-bit keys are the most suitable. RSA keys shorter than 2048 bits are considered insecure.
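The DSA, ED25519 and RSA guidance above can be checked mechanically against a list of public keys. The following is an added example, not code from the original page: it decodes the SSH wire format of each key line and grades it by type and RSA modulus size. The function names, verdict labels and sample keys are assumptions made for illustration; lines are assumed to be in plain `<type> <base64> [comment]` form with no options prefix, and the sample values are constructed fillers, not real keys.

```python
import base64
import struct

def _field(data):
    """Encode one length-prefixed SSH wire field (RFC 4251 'string')."""
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    """Encode a positive integer as an SSH mpint (leading zero if top bit set)."""
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _read(blob, pos):
    """Decode the field at pos; return (bytes, next position)."""
    (length,) = struct.unpack_from(">I", blob, pos)
    if pos + 4 + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def audit_key(line):
    """Classify one '<type> <base64> [comment]' public key line."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, pos = _read(blob, 0)
    if name != declared.encode():
        return "reject", "declared type does not match key blob"
    if declared == "ssh-dss":
        return "reject", "DSA"
    if declared == "ssh-ed25519":
        return "ok", "ED25519"
    if declared != "ssh-rsa":
        return "review", declared  # key types this sketch does not grade
    _exponent, pos = _read(blob, pos)  # ssh-rsa blob: type, e, n
    modulus, _ = _read(blob, pos)
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < 2048:
        return "reject", f"RSA {bits} bits"
    return ("ok" if bits >= 3072 else "warn"), f"RSA {bits} bits"

def sample(key_type, *fields):
    """Build a constructed key line; the values are fillers, not real keys."""
    blob = _field(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLES = [sample("ssh-rsa", _mpint(65537), _mpint((1 << (n - 1)) | 1))
           for n in (1024, 2048, 3072)]
SAMPLES += [sample("ssh-dss", _mpint(1)), sample("ssh-ed25519", _field(bytes(32)))]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(audit_key(entry), entry[:40])
```

The size is read from the key blob itself rather than from the comment or file name, so a mislabelled key is still graded by its real modulus length.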
sshd
Configurations
The SSH server configuration file is /etc/ssh/sshd_config on Linux.
Best Practices
Port 2222
PermitRootLogin no
AllowUsers john jack
PermitEmptyPasswords no
ssh
Config File
~/.ssh/config