macmladen · December 17, 2024 08:19
diff --git a/ssh-key-gen.sh b/ssh-key-gen.sh
 # Generating new SSH key best practice
 # RSA is most widely used, 4096 bits recommended!
 # Ed25519 was introduced in OpenSSH 6.5 of January 2014

 # Ref: https://goteleport.com/blog/comparing-ssh-keys/
 # Ref: https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

 # List all your keys
 for key in ~/.ssh/id_*; do ssh-keygen -l -f "${key}"; done | uniq

 # Generate yours
 # -a: It’s the numbers of KDF (Key Derivation Function) rounds. 
 #   Higher numbers result in slower passphrase verification, increasing 
 #   the resistance to brute-force password cracking should the private-key be stolen.
 ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "[email protected]"

 # Changing the private key's passphrase without changing the key
 # This can also be used to change the password encoding format to the new standard.
 ssh-keygen -f ~/.ssh/id_ed25519 -p

 # Check the fingerprint
 ssh-keygen -lf ~/.ssh/id_ed25519.pub
 # Output:
 # 256 SHA256:sMs42wBNIz4jeeNiCD/QNvGt966Lk8tI1oGMGwineth MacMladen @Buk5 (ED25519)
 ssh-keygen -E md5 -lf  ~/.ssh/id_ed25519.pub
 # Output:
 # 256 MD5:c5:2e:3f:42:5d:63:74:87:97:a7:b6:c9:db:e4:fe:1a MacMladen @Buk5 (ED25519)

 # Add your newly generated Ed25519 key to SSH agent:
 ssh-add ~/.ssh/id_ed25519

 # Adding keys under the default .ssh directory
 # Add base keys
 ssh-add
 # If you want to add all of the available keys under the default .ssh directory
 grep -slR "PRIVATE" ~/.ssh/ | xargs ssh-add

 # List all active keys
 # -l list keys fingerprints
 # -L list actual keys
 ssh-add -l

 # Also by your ~/.ssh/config file:
 # # Global SSH configurations here will be applied to all hosts
 # IdentityFile ~/.ssh/id_dsa
 # IdentityFile ~/.ssh/id_project1
 # IdentityFile ~/.ssh/id_someotherkey

 # To load the keys automatically and store the passphrases in the Keychain, 
 # you need to configure your ~/.ssh/config file:

 #Host *
 #  AddKeysToAgent yes
 #  UseKeychain yes
 #  IdentityFile ~/.ssh/id_ed25519
 #  IdentityFile ~/.ssh/id_rsa # Keep any old key files if you want

 # Adding the private-key to the SSH agent and
 # store the passphrases in the Keychain for authenticated use
 ssh-add -K ~/.ssh/id_ed25519

 # Specifying Specific Key to SSH into a Remote Server
 ssh -i ~/.ssh/id_ed25519 [email protected]

 # Check SSH connection ability
 ssh -T [email protected]
 ssh -T [email protected]
 # Debug connection issues
 ssh -v [email protected]

 # Copying of the key to server
 ssh-copy-id [email protected]
 ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 221 [email protected]
	# Generating new SSH key best practice
	# RSA is most widely used, 4096 bits recommended!
	# Ed25519 was introduced in OpenSSH 6.5 of January 2014

	# Ref: https://goteleport.com/blog/comparing-ssh-keys/
	# Ref: https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

	# List all your keys
	for key in ~/.ssh/id_*; do ssh-keygen -l -f "${key}"; done \| uniq

	# Generate yours
	# -a: It’s the numbers of KDF (Key Derivation Function) rounds.
	# Higher numbers result in slower passphrase verification, increasing
	# the resistance to brute-force password cracking should the private-key be stolen.
	ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "[email protected]"

	# Changing the private key's passphrase without changing the key
	# This can also be used to change the password encoding format to the new standard.
	ssh-keygen -f ~/.ssh/id_ed25519 -p

	# Check the fingerprint
	ssh-keygen -lf ~/.ssh/id_ed25519.pub
	# Output:
	# 256 SHA256:sMs42wBNIz4jeeNiCD/QNvGt966Lk8tI1oGMGwineth MacMladen @Buk5 (ED25519)
	ssh-keygen -E md5 -lf ~/.ssh/id_ed25519.pub
	# Output:
	# 256 MD5:c5:2e:3f:42:5d:63:74:87:97:a7:b6:c9:db:e4:fe:1a MacMladen @Buk5 (ED25519)

	# Add your newly generated Ed25519 key to SSH agent:
	ssh-add ~/.ssh/id_ed25519

	# Adding keys under the default .ssh directory
	# Add base keys
	ssh-add
	# If you want to add all of the available keys under the default .ssh directory
	grep -slR "PRIVATE" ~/.ssh/ \| xargs ssh-add

	# List all active keys
	# -l list keys fingerprints
	# -L list actual keys
	ssh-add -l

	# Also by your ~/.ssh/config file:
	# # Global SSH configurations here will be applied to all hosts
	# IdentityFile ~/.ssh/id_dsa
	# IdentityFile ~/.ssh/id_project1
	# IdentityFile ~/.ssh/id_someotherkey

	# To load the keys automatically and store the passphrases in the Keychain,
	# you need to configure your ~/.ssh/config file:

	#Host *
	# AddKeysToAgent yes
	# UseKeychain yes
	# IdentityFile ~/.ssh/id_ed25519
	# IdentityFile ~/.ssh/id_rsa # Keep any old key files if you want

	# Adding the private-key to the SSH agent and
	# store the passphrases in the Keychain for authenticated use
	ssh-add -K ~/.ssh/id_ed25519

	# Specifying Specific Key to SSH into a Remote Server
	ssh -i ~/.ssh/id_ed25519 [email protected]

	# Check SSH connection ability
	ssh -T [email protected]
	ssh -T [email protected]
	# Debug connection issues
	ssh -v [email protected]

	# Copying of the key to server
	ssh-copy-id [email protected]
	ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 221 [email protected]