Why use `-t rsa -b 4096` with ssh-keygen?

2

18

Why should I use the options -t rsa, -b 4096, and -C "[email protected]" when creating an SSH key, as instructed by GitHub? If I create an SSH key without these options, is it less secure? If so, why?

What frustrates me about these options is that they're hard to remember (is it 4096 or 4095? Which flag went with the number and which went with the "rsa" value? Which flag went in front of my email? Wasn't it an uppercase letter?), and creating new keys can be a frequent activity, for example when trying out Bitbucket and GitLab, and different cloud hosting providers.

[update]
The man page states, "The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections."

Why then does the GitHub page specify -t rsa?

Gadmon answered 14/8, 2018 at 5:25 Comment(2)
Why do you have to remember them? That's what the man command and other documentation is for. - Brozak
As computers operate in binary, you should memorize the binary place values: 1, 2, 4, 8, 16, 32, 64, 128, 256, 1024, 2048, 4096, 8192. You will likely see these numbers in many other places where digital numbers. If you know those you will instinctively know that it should be 4096 and not 4095. - Sophomore
13

-t and -b are the parameters that go with the ssh-keygen utility.

-t (type)

Specifies the algorithm to be used for generating the keys. Algorithms available are rsa, dsa, ecdsa.

-b (bits)

Specifies the number of bits for the key size. These were 1024 and 2048 earlier.

2048 * 2 = 4096 is considered strong. Hence the recommended key size.

2048 bits is considered to be sufficient for RSA keys. This is the default key size if you don't mention the -b flag.

rsa - Rivest–Shamir–Adleman

dsa - Digital Signature Algorithm. A key size of 1024 would normally be used with it.

ecdsa - Elliptic Curve Digital Signature Algorithm - three key sizes are supported: 256, 384, and 521 bits.

As for the different numbers in different public-key cryptographic algorithms, you will have to explore the information security/encryption/symmetric algorithms domain.

Hangman answered 14/8, 2018 at 6:15 Comment(2)
Why use these options instead of the default? - Gadmon
You can use the default if it suffices for your requirement. Defaults for -t & -b are RSA and 2048 bits. With options you can change the algorithm and the bits for better encryption. - Hangman
12

For 2021 and beyond:

RSA is now starting to be phased out in favour of Ed25519. The original question is based on old information. GitHub and most people now recommend using Ed25519 if at all possible.

ssh-keygen -t ed25519 -C "[email protected]"

The default number of rounds for this is 16. You can increase the number of rounds with the -a parameter. However, keep in mind that the more rounds, the slower verification will become, so logins would be a bit slower. The default 16 might be less than 1 second to log in, whereas a value of 150 or more might add a few seconds or more of delay:

ssh-keygen -t ed25519 -a 100 -C "[email protected]"

Sophomore answered 21/5, 2021 at 18:36 Comment(3)
It makes sense to consider information in this article: medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54 I found a comment helpful here: medium.com/@hopeseekr_86196/… - Mcclenon
I'll paste part of the comment here too... It was from someone called Theodore R. Smith and the comment content was "In 2021, there is grave danger with using ed25519 for your SSH keys". He attributes improvements in quantum computing to support that opinion. He says, "I've switched to RSA 8192. Support seems pretty good. ssh-keygen -o -t rsa -a 100 -b 8192 -f id_rsa-8192 -C "[email protected]" The -a 100 makes it even harder for conventional hackers to bruteforce your passphrase." - Mcclenon
@Mcclenon Can you provide other sources other than this article that state that ED25519 should be avoided? The article indicates DARPA and NIST, but no links are provided. Also, can you explain why you think quantum computers would have a harder time breaking RSA (even at 100 rounds)? - Sophomore
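As an added example that is not part of any answer above: the Python below reads the "type base64-blob comment" line that ssh-keygen writes to id_*.pub and recovers what -t, -b and -C actually set, namely the key type, the size in bits of the RSA modulus (or DSA prime), and the comment; it also shows that an Ed25519 public key is always one 32-byte value, so -b has nothing to choose there. The sample keys are constructed from fixed integers purely to have the right sizes and are not real keys, and is_acceptable is an assumed audit policy for an authorized_keys review (no DSA, RSA of at least 2048 bits, as the answers state), not something ssh-keygen itself enforces.

```python
import base64
import struct

def _ssh_string(data: bytes) -> bytes:
    # SSH wire "string" (RFC 4251): 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def _ssh_mpint(n: int) -> bytes:
    # SSH "mpint": big-endian magnitude, leading 0x00 if the top bit is set
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _ssh_string(b"\x00" + raw if raw and raw[0] & 0x80 else raw)

def _read_string(blob: bytes, off: int):
    (length,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + length], off + 4 + length

def make_pubkey_line(key_type: str, fields: list, comment: str) -> str:
    # Same layout ssh-keygen writes to id_*.pub: "<type> <base64 blob> <comment>"
    blob = _ssh_string(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

def describe_pubkey(line: str):
    key_type, b64, *rest = line.split()
    blob = base64.b64decode(b64)
    embedded, off = _read_string(blob, 0)
    if embedded.decode() != key_type:
        raise ValueError("key type prefix does not match the blob")
    if key_type == "ssh-rsa":          # blob: e, then n; -b is the size of n
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-dss":        # blob: p, q, g, y; size is the size of p
        p, off = _read_string(blob, off)
        bits = int.from_bytes(p, "big").bit_length()
    elif key_type == "ssh-ed25519":    # always one 32-byte point; -b is ignored
        pk, off = _read_string(blob, off)
        bits = len(pk) * 8
    else:
        raise ValueError(f"unsupported key type {key_type}")
    return key_type, bits, " ".join(rest)   # (type, bits, the -C comment)

def is_acceptable(key_type: str, bits: int) -> bool:
    # Assumed audit policy: no DSA; RSA of at least 2048 bits; Ed25519 is fine
    return key_type == "ssh-ed25519" or (key_type == "ssh-rsa" and bits >= 2048)

# Constructed samples (NOT real keys): a 4096-bit RSA modulus, a 1024-bit DSA p,
# and a 32-byte Ed25519 value, each wrapped the way ssh-keygen would write them.
SAMPLE_RSA = make_pubkey_line("ssh-rsa", [_ssh_mpint(65537), _ssh_mpint(1 << 4095 | 5)], "[email protected]")
SAMPLE_DSA = make_pubkey_line("ssh-dss", [_ssh_mpint(1 << 1023 | 1)] + [_ssh_mpint(3)] * 3, "old-host")
SAMPLE_ED = make_pubkey_line("ssh-ed25519", [_ssh_string(bytes(range(32)))], "[email protected]")
```

Run describe_pubkey over each line of a real authorized_keys file to see which entries is_acceptable would flag; ssh-keygen -lf on the same file reports the same type and bit count.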
