RSA

Many people still use the RSA algorithm to generate SSH public keys. You might even wonder how many bits are safe enough. The general recommendation is 4096 bits:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This results in a very long public key:

cat test_rsa_4096.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCXlH8OxqMFhv2+En10yV2ZorDzRFXQm9pPuWQ8G5iu+cUpyhwDoKnd+l6PCZTrCgcVJgLSsVAVbZ3CK6Qnoj3TDQl4yaj90UasmivWM2INc2hObr5P2y2AqWnnZBXmxpoUGZPz/9323JalC+m/EwXNcdrC5JzgD083BC0ykfB801vcAzrZwsnbKfCUsGfUNP9mco3+hFwTqgfJxEvmI3X6hbGIGY1d2QbGMLrs3JYVsfRzJDjFaYOSwXZR6pM5uUCKENt9hOmVUZfuZqvlzLZX95yc53a6qNgOJhzaFZYz3wD2gY0dNp1boGnAtXsLqEnqtm9skp05iMuT01B9WrKEOZG5rsRZDh3bYXJ8ZP0lO/RbStuBczd8ZgObb32NfUyHG2JObDpm9mjsvWZqJxJbT5l/6vMXu8hQ6ikDrf6R33PRcRdbUIrAOpDUrfBxjkUonxjqqEbHhpcAlMWNJ4qcjtjvSnLOhH9GBn5KCnFJ7VIbyXc+Gj9AAp9xuV/9jv1R7CathkS2QrC5s9pFY3I24mFevpkioEeJYPAYUTuFBenWg5MdFK99FYO44wjmFa/RxwEQtYFXV+RybTJTC0eDpjK1u3w7LVm2JjEVoSfOJIKt9yZQn5Fm0kmueBz5aQ4CzZNoZBMKr7TT0dX9cJoANzd19uM4uCV6HRVJmQyz4Q== your_email@example.com

Ed25519

There are actually more advanced algorithms that are more secure than RSA, with shorter public keys. Thanks to blockchain adoption, they’re gaining more acceptance. For example, Ed25519, despite being only 256 bits, offers higher security than RSA 3072.

Generating an Ed25519 SSH Key:

ssh-keygen -t ed25519 -C "your_email@example.com"

Public key:

cat test_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcMXqCXtcjny9gXV1NDmwArHy0AgJs+R7N6XpOutviw your_email@example.com
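
An added example, not part of the original post: a small Python parser for the OpenSSH public-key line format shown above. It reads the key type and size out of the base64 blob and flags RSA keys below a chosen size. The function names, the MIN_RSA_BITS threshold (set to the 4096 bits recommended above) and the constructed RSA sample are assumptions of this example; the Ed25519 line is the one shown above.

```python
import base64

MIN_RSA_BITS = 4096  # assumption: policy threshold, set to the page's recommendation
# The Ed25519 public key shown above, reused as sample input.
ED25519_LINE = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGcMXqCXtcjny9gXV1NDmwArHy0A"
                "gJs+R7N6XpOutviw your_email@example.com")

def read_string(blob, pos):
    """Read one SSH wire-format string: uint32 big-endian length, then the bytes."""
    length = int.from_bytes(blob[pos:pos + 4], "big")
    end = pos + 4 + length
    if end > len(blob):  # also catches a truncated length field
        raise ValueError("field runs past the end of the key blob")
    return blob[pos + 4:end], end

def inspect_pubkey(line):
    """Return (key_type, bits) for one '<type> <base64> [comment]' line."""
    label, b64 = line.split()[:2]  # ValueError if a field is missing
    blob = base64.b64decode(b64, validate=True)
    name, pos = read_string(blob, 0)
    if name.decode("ascii", "replace") != label:
        raise ValueError("type label does not match the type inside the blob")
    if name == b"ssh-rsa":
        _exponent, pos = read_string(blob, pos)
        modulus, pos = read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif name == b"ssh-ed25519":
        key, pos = read_string(blob, pos)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        bits = 256
    else:
        raise ValueError("unsupported key type")
    if pos != len(blob):
        raise ValueError("trailing bytes after the key fields")
    return label, bits

def constructed_rsa_line(bits):
    """Constructed sample: well-formed ssh-rsa line whose modulus is NOT a real key."""
    n = (1 << (bits - 1)) | 1
    fields = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + n.to_bytes(bits // 8, "big")]
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

def undersized_rsa(lines):
    """Return the lines holding an RSA key shorter than MIN_RSA_BITS."""
    found = [(ln, inspect_pubkey(ln)) for ln in lines]
    return [ln for ln, (kind, bits) in found if kind == "ssh-rsa" and bits < MIN_RSA_BITS]
```

Passing the lines of an authorized_keys file to undersized_rsa lists the RSA entries that fall below the threshold; lines with options or other key types raise ValueError and need handling first.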

GitHub now recommends Ed25519 by default: https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent

Ed25519 is a signature scheme built on an elliptic curve, elegant and with mathematically proven security:

By Deirdre Connolly in "State of the Curve" (2016)

Here’s a list of current Ed25519 adopters: https://ianix.com/pub/ed25519-deployment.html