generating ssh keys in 2025
I’m setting up a new system, and I always create a new key when I build a new desktop… Having not done it in a few years, I wanted to see what the recommended ssh key looks like these days.
Came across this link: SSH Key Best Practices for 2025 – Using ed25519, key rotation, and other best practices
here is what I learned:
- use ed25519, which is the default on modern openssh
- provide a meaningful description, that includes a year of creation
- plan on rotating keys every couple years
- password protect (duh)
The author also said that he likes to generate a key a few times to get a novel and memorable hash.
Cute, so what would it take to find one with something that looks cool?
```bash
#!/usr/bin/env bash
set -e

user=    # fill me
system=  # fill me
year=$(date +'%Y')

die() { echo >&2 "$*" ; exit 1 ; }

# refuse to run while the placeholders above are still empty
[ -n "$user" ] || die "user: not set"
[ -n "$system" ] || die "system: not set"

key=id_ed25519_${system}_${user}_$year
pub=$key.pub

# never overwrite an existing key pair
[ -f "$key" ] && die "$key: exists, refusing to continue"
[ -f "$pub" ] && die "$pub: exists, refusing to continue"

iteration=0
start=$(date +%s)
while true ; do
    echo "------------------------------------------------------------------------"

    iteration=$((iteration + 1))
    duration=$(( $(date +%s) - start ))
    echo "iteration=$iteration duration=$duration"
    echo

    # generate with an empty passphrase so the loop needs no typing;
    # the passphrase is set below once a key is accepted
    ssh-keygen -t ed25519 -f "$key" -C "$user+$year@$system" -N ''
    echo
    cat "$pub"
    echo

    read -r -p 'do you like it? [y/n/Q]' -n 1 answer
    echo
    case "$answer" in
        N|n) ;;
        # keep this key and prompt for its passphrase
        Y|y) ssh-keygen -p -f "$key" ; exit 0 ;;
        # quitting: do not leave the unprotected candidate on disk
        *) rm -f "$key" "$pub" ; die terminating ;;
    esac

    rm -f "$key" "$pub"
done
```
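
A companion check for the list above, added here as an example and not part of the original post: it reads `.pub`-style lines and flags keys that are not ed25519, or whose comment year is two or more years old. It assumes comments follow the `user+year@system` form the script above writes; `audit_keys`, `sample_keys` and the status labels are names chosen for this example, and the sample key blobs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the original post.
# Input: .pub-style lines "<type> <base64> <comment>" on stdin.
# Assumption: comments follow the user+YEAR@system convention.

# audit_keys NOW_YEAR MAX_AGE -> prints one "<status> <comment> ..." line per key
audit_keys() {
    local now=$1 max_age=$2 type blob comment rest year
    while read -r type blob comment; do
        case "$type" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$type" in
            ssh-ed25519|sk-ssh-ed25519@openssh.com) ;;
            *) echo "NOT-ED25519 ${comment:-<none>} ($type)"; continue ;;
        esac
        # pull the year out of user+YEAR@system, if the comment has that shape
        year=
        case "$comment" in
            *+*@*) rest=${comment#*+}; year=${rest%%@*} ;;
        esac
        case "$year" in
            [12][0-9][0-9][0-9])
                if [ $(( now - year )) -ge "$max_age" ]; then
                    echo "ROTATE $comment (created $year)"
                else
                    echo "OK $comment"
                fi ;;
            *) echo "NO-YEAR ${comment:-<none>}" ;;
        esac
    done
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed sample
ssh-ed25519 AAAAC3PLACEHOLDER1 alice+2025@laptop
ssh-ed25519 AAAAC3PLACEHOLDER2 alice+2021@desktop
ssh-rsa AAAAB3PLACEHOLDER3 alice@oldbox
ssh-ed25519 AAAAC3PLACEHOLDER4 deploy-key
EOF
}

# "every couple years" is taken as a maximum age of 2
sample_keys | audit_keys "$(date +%Y)" 2
```

To check real keys, feed it `cat ~/.ssh/*.pub` instead of `sample_keys`; `authorized_keys` lines that start with options would need those stripped first.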