Ed25519 SSH keys
What are Ed25519 SSH keys?
Ed25519 SSH keys are public-key cryptography key pairs used for secure communication over a network. They are based on Ed25519, an elliptic-curve digital signature algorithm (an instance of the EdDSA signature scheme over Curve25519). The Ed25519 algorithm was designed to be faster and more secure than its predecessors, such as the RSA and DSA algorithms.
SSH keys are used in the SSH protocol to authenticate the identity of a user or a system. The SSH protocol allows a user to log in to a remote system securely, without having to provide a password. This is accomplished by using a pair of keys: a private key and a public key.
The private key is kept secret and is used to sign, which proves the user's identity, while the public key is shared with others and is used to verify that signature. When a user logs in to a remote system, their public key is compared to a list of authorized keys on the remote system. If the public key matches one of the authorized keys, the user is granted access.
Advantages of Ed25519 SSH keys
There are several advantages to using Ed25519 SSH keys over other types of keys, such as RSA and DSA:
- Faster key generation: Ed25519 keys can be generated much faster than RSA and DSA keys. This is because the Ed25519 algorithm is designed to be efficient, and does not require as many computations as RSA and DSA.
- Smaller key size: Ed25519 keys are smaller than RSA and DSA keys, which makes them easier to store and transmit. This can be particularly useful in situations where bandwidth or storage space is limited.
- Better security: Ed25519 keys are more secure than RSA and DSA keys. This is because the Ed25519 algorithm is designed to resist a wide range of attacks, including side-channel attacks, and is not vulnerable to certain types of attacks that can be used against RSA and DSA.
Generate an Ed25519 SSH key on Linux or WSL
To generate an Ed25519 SSH key, you can use the ssh-keygen command-line tool, which is included with most SSH implementations. Here’s how to generate an Ed25519 SSH key:
- Open a terminal or command prompt on your local system.
- Type the following command:
ssh-keygen -t ed25519
This will generate a new Ed25519 SSH key pair in the .ssh/ directory of your home directory and give you output similar to the sample shown after these steps.
- You will be prompted to enter a passphrase for your private key. This passphrase will be used to encrypt your private key, so make sure to choose a strong passphrase and remember it.
- Once the key pair has been generated, you are good to go: you can use the public key on the server side.
Generating public/private ed25519 key pair.
Enter file in which to save the key ($HOME/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in $HOME/.ssh/id_ed25519.
Your public key has been saved in $HOME/.ssh/id_ed25519.pub.
Generate your key on Windows
Grab a copy of the PuTTY package files (the name of which will look like putty-64bit-0.XX-installer.msi) or just puttygen.exe from the PuTTY website.
- 1: Select EdDSA
- 2: Make sure the dropdown is set to Ed25519 (255 bits) at least
- 3: Click this button to start the generation
- 4: Move your mouse around this area to generate randomness for the key. Yes, I’m serious.
- 5: This is your public key. Add this to the server.
- 6: This is the “name” or “comment” for your key. It can be any arbitrary string and is there to differentiate the keys for human readability.
- 7: Click this button to save the public key to a file.
- 8: Click this button to save the private key to a file. Make sure to set the same passphrase in both passphrase fields before saving the private file.
- 9: Click Conversions
- 10: Click Export OpenSSH key to export the key in OpenSSH format to a file.
This sets you up with Ed25519 SSH keys on Windows.
Show your public key
cat ~/.ssh/id_ed25519.pub
This will display the public key in your terminal. You can copy and paste this key into the authorized_keys file on any remote system that you want to access using this key pair.
I can’t log in to the remote machine with this new key
- Make sure you copied the whole key.
- Make sure you put it on its own line in the authorized_keys file on the remote machine.
- Make sure the remote authorized_keys file has mode 600:
chmod 600 ~/.ssh/authorized_keys
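A checker for the three points above, as an added example that is not from the original page: it reports an authorized_keys file that has any group or other permission bits set, and any entry that is not one complete ssh-ed25519 key on a single line. It only understands Ed25519 entries, so other key types are reported too; the function names and the all-zero sample key are constructed for illustration.

```python
import base64
import os
import stat
import struct

KEY_TYPE = "ssh-ed25519"
# SSH wire format of the blob: uint32 length + key type, uint32 length + 32-byte key.
HEADER = struct.pack(">I", len(KEY_TYPE)) + KEY_TYPE.encode() + struct.pack(">I", 32)

def constructed_key_line(comment="user@example"):
    """Build a well-formed sample line from an all-zero (constructed, unusable) key."""
    return f"{KEY_TYPE} {base64.b64encode(HEADER + bytes(32)).decode()} {comment}"

def check_ed25519_line(line):
    """Return None if the line holds one complete ssh-ed25519 key, else the reason."""
    fields = line.split()  # note: does not parse quoted options containing spaces
    if KEY_TYPE not in fields:
        return "no ssh-ed25519 key type (wrapped line or partial paste?)"
    blob_index = fields.index(KEY_TYPE) + 1
    if blob_index >= len(fields):
        return "key type present but the base64 blob is missing"
    try:
        blob = base64.b64decode(fields[blob_index], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "blob is not valid base64 (truncated copy?)"
    if not blob.startswith(HEADER):
        return "blob does not start with the ssh-ed25519 header"
    if len(blob) != len(HEADER) + 32:
        return f"blob is {len(blob)} bytes, expected {len(HEADER) + 32}"
    return None

def check_authorized_keys(path):
    """Return [(line_number, problem)]; line_number 0 refers to the file itself."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit is looser than 600
        problems.append((0, f"mode is {mode:o}, expected 600"))
    with open(path, encoding="utf-8", errors="replace") as handle:
        for number, line in enumerate(handle, start=1):
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank lines and comments are fine
            reason = check_ed25519_line(line)
            if reason:
                problems.append((number, reason))
    return problems

if __name__ == "__main__":
    for number, problem in check_authorized_keys(os.path.expanduser("~/.ssh/authorized_keys")):
        print(f"line {number}: {problem}")
```

Run it on the remote machine as the account you are trying to log in to; no output means the file passed every check.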
In conclusion, Ed25519 SSH keys provide a faster, more secure alternative to other types of keys such as RSA and DSA. They are easy to generate using the ssh-keygen command-line tool and can be used to securely authenticate your identity on remote systems.