
So What’s So Important About Your OpenSSH Keys?


Without public key encryption, the Internet would be a largely untrusted place. It secures the key exchange used to create a secure tunnel (with ECDH), it verifies the identity of the Web sites we connect to (using RSA and ECDSA signatures), and it lets us digitally sign things to prove our identity.

In Figure 1, we see that Bob wants to log into Alice’s server. For this, he generates an OpenSSH key pair and places his public key on the server. When he wants to log in, he initiates an SSH connection. Alice sends back a message, which Bob signs with his private key and returns to Alice. Alice then checks the signature with Bob’s public key, and if it is correct, Bob is allowed to log in. We can also set restrictions on the public key, such as locking it down to a given range of IP addresses.

The main signature methods are RSA, Ed25519, DSA and ECDSA, though DSA is no longer recommended. We generate an Ed25519 key with:

$ ssh-keygen -t ed25519 -C "fred@home.com"

and a 4K (4096-bit) RSA key with:

$ ssh-keygen -t rsa -b 4096 -C "fred@home.com"
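As an added example (not code from the original article), here is a small stdlib-only Python parser for the authorized_keys line that Bob’s public key becomes on Alice’s server: it splits off the option field (where a restriction such as from="..." lives), decodes the key blob, checks that the type embedded in the blob matches the declared type, and reports the Ed25519 key or the RSA modulus size. The sample lines and keys are constructed for illustration and are not real keys.

```python
import base64
import re

def read_ssh_string(blob, off):
    # One SSH wire-format string: uint32 big-endian length, then that many bytes.
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if end > len(blob):
        raise ValueError("truncated SSH string")
    return blob[off + 4:end], end

def parse_authorized_key(line):
    # Returns options, declared type, key material and comment; raises ValueError on a bad line.
    line, options = line.strip(), []
    if not line.startswith(("ssh-", "ecdsa-", "sk-")):   # a leading option field is present
        opts_text, _, line = line.partition(" ")
        # Options are comma-separated, but from="a,b" keeps the commas inside its quotes.
        options = re.findall(r'(?:[^,"]|"[^"]*")+', opts_text)
    key_type, b64, comment = (line.split(None, 2) + ["", ""])[:3]
    blob = base64.b64decode(b64, validate=True)
    embedded, off = read_ssh_string(blob, 0)             # the blob names its own type first
    if embedded != key_type.encode():
        raise ValueError(f"declared {key_type} but blob contains {embedded!r}")
    if key_type == "ssh-ed25519":                        # one string: the 32-byte public point
        pub, off = read_ssh_string(blob, off)
        if len(pub) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        key = {"public_hex": pub.hex()}
    elif key_type == "ssh-rsa":                          # mpint e, then mpint n
        e, off = read_ssh_string(blob, off)
        n, off = read_ssh_string(blob, off)
        key = {"e": int.from_bytes(e, "big"), "bits": int.from_bytes(n, "big").bit_length()}
    else:
        raise ValueError(f"unsupported key type {key_type}")
    if off != len(blob):
        raise ValueError("trailing bytes after key material")
    return {"options": options, "type": key_type, "key": key, "comment": comment}

def is_acceptable(line):
    # True if the line parses cleanly; sshd ignores an entry it cannot parse.
    try:
        parse_authorized_key(line)
        return True
    except ValueError:
        return False

# Constructed samples (not real keys): zeroed Ed25519 key locked to two ranges; toy ssh-rsa, e=65537, 4096-bit n.
ED25519_LINE = ('from="10.0.0.0/8,192.168.1.0/24",no-pty ssh-ed25519 '
                "AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43 + " fred@home.com")
RSA_BLOB = b"\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01\x00\x00\x02\x01\x00\xc0" + b"\x11" * 511
RSA_LINE = "ssh-rsa " + base64.b64encode(RSA_BLOB).decode() + " fred@home.com"
```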


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
