On 09/21/2016 11:39 PM, Gene Heskett wrote:
> On Wednesday 21 September 2016 10:23:09 Greg Wooledge wrote:
...
>> man ssh-keygen
>> http://mywiki.wooledge.org/SshKeys
> 
> I knew there was something about generating keys, but not the sticky 
> details.

If you have multiple servers or multiple remote accounts, you will end
up with at least one key pair per account+server.  So you will also need
a way to keep track of them.  One way is to make use of the -C and -f
options to add a comment inside the key and to name the key files to
something mnemonic.

As far as the key choices go, DSA is considered deprecated, at least in
the more recent versions:

        "Support for ssh-dss, ssh-dss-cert-* host and user keys
        will be run-time disabled by default"
         - http://www.openssh.com/txt/release-6.9

So that leaves RSA if you have old versions of the OpenSSH server to
deal with.  Probably 2048 bits or more is good for a while.  Otherwise,
consider Ed25519.

Regards,
/Lars
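
One way to apply the -C and -f suggestion from the message above, as an added example that is not part of the original e-mail: shell helpers that create one key pair per account+server and print a matching ssh_config stanza. The file-naming scheme, the host alias, the example.org names and the 4096-bit size for the RSA fallback are assumptions.

```shell
#!/bin/sh
# Added example: one key pair per account+server, with a mnemonic file name
# (-f) and a comment stored in the key (-C). Naming scheme is an assumption.
# KEY_TYPE selects the algorithm: ed25519 (default) or rsa for old servers.

# key_path USER HOST [DIR] -> path of the private key file
key_path() {
    user=$1 host=$2 dir=${3:-"$HOME/.ssh"}
    # Replace anything that is awkward in a file name with "_".
    safe=$(printf '%s_at_%s' "$user" "$host" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s/id_%s_%s\n' "$dir" "${KEY_TYPE:-ed25519}" "$safe"
}

# key_comment USER HOST -> comment that says what the key is for and
# which client machine it was generated on
key_comment() {
    printf '%s@%s key, made on %s\n' "$1" "$2" "$(uname -n)"
}

# make_key USER HOST [DIR] -> generate the pair; never overwrite a key
make_key() {
    path=$(key_path "$1" "$2" "${3:-}")
    if [ -e "$path" ]; then
        echo "refusing to overwrite $path" >&2
        return 1
    fi
    mkdir -p "$(dirname "$path")" && chmod 700 "$(dirname "$path")"
    type=${KEY_TYPE:-ed25519}
    bits=
    [ "$type" = rsa ] && bits='-b 4096'   # assumed size, "2048 or more"
    # ssh-keygen prompts for the passphrase itself.
    ssh-keygen -t "$type" $bits -C "$(key_comment "$1" "$2")" -f "$path"
}

# config_stanza ALIAS USER HOST [DIR] -> block for ~/.ssh/config that ties
# the alias to this one key; IdentitiesOnly stops ssh offering the others
config_stanza() {
    printf 'Host %s\n    HostName %s\n    User %s\n' "$1" "$3" "$2"
    printf '    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$(key_path "$2" "$3" "${4:-}")"
}

# Usage (constructed names):
#   make_key backup nas.example.org
#   config_stanza nas backup nas.example.org >> ~/.ssh/config
```

The comment set with -C ends up at the end of the .pub line, so it is still readable in the server's authorized_keys file.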
