I’m hoping to reinstall my MacBook Pro 15” 2017 with a fresh macOS Catalina sometime soon, and part of preparations is testing my install methods (hello, brew!) and configuration files migration. Today I decided to setup a new SSH keypair.
Here is the video with steps:
What is ed25519?
ed25519 is a relatively new cryptography solution implementing Edwards-curve Digital Signature Algorithm (EdDSA).
I say relatively, because ed25519 is supported by OpenSSH for about 5 years now – so it wouldn’t be considered a cutting edge. Still, people are such creatures of habits that many IT professionals daily using SSH/SCP haven’t even heard of this key type.
Similarly, not all the software solutions are supporting ed25519 right now – but SSH implementations in most modern Operating Systems certainly support it.
Why ed25519 Key is a Good Idea
Compared to the most common type of SSH key – RSA – ed25519 brings a number of cool improvements:
it’s faster: to generate and to verify
it’s more secure
collision resilience – this means that it’s more resilient against hash-function collision attacks (types of attacks where large numbers of keys are generated with the hope of getting two different keys have matching hashes)
keys are smaller – this, for instance, means that it’s easier to transfer and to copy/paste them
Generate ed25519 SSH Key
Here’s the command to generate an ed25519 SSH key:
That’s it – this keypair is ready to be deployed to SSH servers, GitHub or any other service that can use them.