On 09/21/2016 11:39 PM, Gene Heskett wrote:
> On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
...
>> man ssh-keygen
>> http://mywiki.wooledge.org/SshKeys
>
> I knew there was something about generating keys, but not the sticky
> details.

If you have multiple servers or multiple remote accounts, you will end up with at least one key pair per account+server. So you will also need a way to keep track of them. One way is to make use of the -C and -f options to add a comment inside the key and to name the key files to something mnemonic.

As far as the key choices go, DSA is considered deprecated, at least in the more recent versions:

"Support for ssh-dss, ssh-dss-cert-* host and user keys will be run-time disabled by default"
- http://www.openssh.com/txt/release-6.9

So that leaves RSA if you have old versions of the OpenSSH server to deal with. Probably 2048 bits or more is good for a while. Otherwise, consider Ed25519.

Regards,
/Lars
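
The -C/-f bookkeeping described in the message above, as an added example that is not part of the original e-mail: one key pair per account+server, named so the file says what it is for. The function names, the key directory, the sample account and host, and the ssh_config stanza (which the message does not mention) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message). Function names, the key
# directory and the sample account/host values are hypothetical.

# key_name USER HOST TYPE -> mnemonic, path-safe file name for one account+server.
key_name() {
    printf 'id_%s_%s@%s\n' "$3" "$1" "$2" | tr -c 'A-Za-z0-9_.@\n-' '_'
}

# make_key DIR USER HOST [TYPE]: create one key pair, never overwriting an old one.
make_key() {
    mk_dir=$1 mk_user=$2 mk_host=$3 mk_type=${4:-ed25519}
    case $mk_type in
        ed25519) set -- -t ed25519 ;;
        rsa)     set -- -t rsa -b 3072 ;;  # for old servers; "2048 bits or more"
        *)       echo "unsupported key type: $mk_type" >&2; return 1 ;;  # no DSA
    esac
    mk_file="$mk_dir/$(key_name "$mk_user" "$mk_host" "$mk_type")"
    if [ -e "$mk_file" ] || [ -e "$mk_file.pub" ]; then
        echo "refusing to overwrite $mk_file" >&2
        return 1
    fi
    mkdir -p "$mk_dir" && chmod 700 "$mk_dir" || return 1
    # -C stores the comment in the key, -f names the files; ssh-keygen
    # prompts for the passphrase itself, so it never appears in argv.
    ssh-keygen "$@" -C "$mk_user@$mk_host $(date +%Y-%m-%d)" -f "$mk_file"
}

# config_stanza ALIAS USER HOST KEYFILE: ssh_config block pinning that key.
config_stanza() {
    printf 'Host %s\n    HostName %s\n    User %s\n' "$1" "$3" "$2"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' "$4"
}

# Usage:
#   make_key "$HOME/.ssh" gene build.example.org
#   config_stanza build gene build.example.org \
#       "$HOME/.ssh/$(key_name gene build.example.org ed25519)" >> "$HOME/.ssh/config"
```

IdentitiesOnly keeps ssh from offering every other key in the agent to that server, which matters once there is one key per account+server.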