Why use `-t rsa -b 4096` with ssh-keygen?

Why should I use the options `-t rsa`, `-b 4096`, and `-C "[email protected]"` when creating an SSH key, as instructed by GitHub? If I create an SSH key without these options, is it less secure? If so, why?

What frustrates me about these options is that they're hard to remember (is it 4096 or 4095? Which flag went with the number and which went with the "rsa" value? Which flag went in front of my email? Wasn't it an uppercase letter?), and creating new keys can be a frequent activity, for example when trying out Bitbucket and GitLab, and different cloud hosting providers.

[update]
The man page states, "The type of key to be generated is specified with the `-t` option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections."

Why then does the GitHub page specify `-t rsa`?

rm.rf.etc asked Aug 14 '18 05:08
2 Answers

`-t` and `-b` are the parameters that go with the ssh-keygen utility.

`-t` (type)

Specifies the algorithm to be used for generating the keys. Algorithms available are: rsa, dsa, ecdsa.

`-b` (bits)

Specifies the number of bits for the key size. These were 1024 and 2048 earlier.

2048 * 2 = 4096 is considered strong. Hence the recommended key size.

2048 bits is considered to be sufficient for RSA keys. This is the default key size if you don't mention the `-b` flag.


rsa - Rivest–Shamir–Adleman

dsa - Digital Signature Algorithm. A key size of 1024 would normally be used with it.

ecdsa - Elliptic Curve Digital Signature Algorithm - three key sizes are supported: 256, 384, and 521 bits.

As for the different key sizes used by the different public-key cryptographic algorithms, you will have to explore the information security/encryption/asymmetric algorithms domain.

Shreyas answered Oct 11 '22 09:10


For 2021 and beyond:

RSA is now starting to be phased out in favour of Ed25519. The original question is based on old information. GitHub and most people now recommend using Ed25519 if at all possible.

ssh-keygen -t ed25519 -C "[email protected]"

The default number of rounds for this is 16. You can increase the number of rounds with the `-a` parameter. However, keep in mind that the more rounds you use, the slower verification becomes, so logins would be a bit slower. The default of 16 might take less than 1 second to log in, whereas a value of 150 or more might add a few seconds or more of delay:

ssh-keygen -t ed25519 -a 100 -C "[email protected]"
kojow7 answered Oct 11 '22 09:10
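Both answers come down to one practical check: what key type and size does a given public key actually carry? The following is an added example, not code from either answer or from OpenSSH; it parses the OpenSSH public-key wire format with only the standard library and applies a constructed audit policy (RSA below 2048 bits rejected, below 4096 flagged, Ed25519 accepted). The `fake_rsa_line`/`fake_ed25519_line` helpers build dummy, non-functional keys purely as constructed sample input.

```python
import base64
import struct

# Constructed audit policy for this example: reject RSA moduli below 2048 bits
# (the ssh-keygen default) and flag anything under 4096 as weaker than GitHub's advice.
MIN_RSA_BITS, RECOMMENDED_RSA_BITS = 2048, 4096

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data   # SSH wire string: uint32 length + bytes

def _read_string(buf, off):
    (n,) = struct.unpack(">I", buf[off:off + 4])  # decode one wire string at offset
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_strength(pubkey_line):
    """Return (key_type, bits) for one authorized_keys / id_*.pub line."""
    ktype, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != ktype:
        raise ValueError("type prefix does not match encoded blob")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (unused here)
        n, _ = _read_string(blob, off)      # modulus, an mpint
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-ed25519":
        pk, _ = _read_string(blob, off)
        return ktype, len(pk) * 8           # always a 256-bit point
    if ktype.startswith("ecdsa-sha2-nistp"):
        return ktype, int(ktype[len("ecdsa-sha2-nistp"):])
    raise ValueError("unsupported key type: " + ktype)

def verdict(pubkey_line):
    """'ok', 'weak' or 'reject' under the policy above; non-RSA types are 'ok'."""
    ktype, bits = key_strength(pubkey_line)
    if ktype != "ssh-rsa":
        return "ok"
    if bits < MIN_RSA_BITS:
        return "reject"
    return "ok" if bits >= RECOMMENDED_RSA_BITS else "weak"

def fake_rsa_line(bits):
    """Constructed ssh-rsa line with a dummy modulus of the given size (not a real key)."""
    e = _ssh_string(b"\x01\x00\x01")
    n = _ssh_string(b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big"))
    return "ssh-rsa " + base64.b64encode(_ssh_string(b"ssh-rsa") + e + n).decode() + " user@example"

def fake_ed25519_line():
    """Constructed ssh-ed25519 line with a dummy 32-byte point (not a real key)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@example"
```

Run `verdict()` over each line of a real `~/.ssh/authorized_keys` to find RSA keys generated without `-b 4096`; the modulus size is read from the key itself, so the comment field is not trusted.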