SSH key that uses Ed25519 algorithm

To test, you will need a client and a test server. The client is where we generate the keys.

When we generate keys, there will be a private key and a public key.

Then we copy the public key to the test server. When we ssh to the test server, the private key held on the client is matched against the public key we copied to the test server.

To generate a new pair of SSH keys that uses the Ed25519 algorithm, run the following on the client:

# ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "somename"
Generating public/private ed25519 key pair.
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:S5mglsGaa7byro5iFvC01VyFt+plsvrt5SLtTTzUHVU geekdecoder
The key's randomart image is:
+--[ED25519 256]--+
|         o.     E|
|   .    o .     .|
|    oo.. . .   . |
|. .o.+o. o.  . ..|
|.ooo+   S.  . . .|
| .oo   .o.oo     |
|  =    ..*  =    |
|+= .    +.o= .   |
|B*+   .o.++.o    |
+----[SHA256]-----+

-f
Specifies the filename of the key file; used when you want something other than the default name
-a
Number of KDF (bcrypt) rounds used to protect the private key with its passphrase when saving in the OpenSSH format; more rounds make offline guessing of the passphrase slower (with -T it instead sets the number of primality tests while screening DH-GEX candidates)
-t
Type of key (RSA, ED25519, DSA, etc.)
-C
Comment (not part of the key material; stored in the public key file so you can tell keys apart)
-o
OpenSSH private key format instead of the older PEM format (needs OpenSSH 6.5+; it has been the default since OpenSSH 7.8, so -o is redundant on newer versions)

If your account on the remote system doesn’t already contain a ~/.ssh/authorized_keys file, create one by entering the following commands on the remote system:

# mkdir -p ~/.ssh
# touch ~/.ssh/authorized_keys

On the Client, Copy the Public SSH Key (id_ed25519.pub) to the Remote Server
Using the command “ssh-copy-id” is the preferred way. You will need working ssh access to the server (for example, with a password) before the key can be copied.

Here is the command:

# ssh-copy-id -i ~/.ssh/id_ed25519.pub -p 22 root@server1.server.com

Now try logging into the machine, with:

"ssh -p '22' 'root@server1.server.com'"

Check to make sure that only the key(s) you wanted were added.
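The two steps above (creating authorized_keys on the server, then checking that only the intended keys ended up in it) are easy to get subtly wrong: with its default StrictModes setting, sshd silently ignores authorized_keys when ~/.ssh or the file itself is group- or world-writable, and ssh-copy-id appends whatever is in the .pub file. The following is an added example, not code from the original post, that does the install the way sshd expects and then reviews the result. The function names, the home-directory parameter and the sample key line (the comment is the post's, the key material is a placeholder, not a real key) are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post: install an Ed25519 public
# key into authorized_keys the way sshd expects it.  With the default
# StrictModes yes, sshd ignores authorized_keys when ~/.ssh or the file is
# group/world writable, so permissions are set explicitly.  The home
# directory is a parameter so the functions can run against a scratch dir.

# Base64 of the length-prefixed "ssh-ed25519" string that opens every
# Ed25519 public-key blob.
ED25519_BLOB_PREFIX="AAAAC3NzaC1lZDI1NTE5"

# Constructed sample key line for the demo: the comment matches the post,
# the key material is a placeholder, not a real key.
SAMPLE_KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotARealKey0123456789abcd geekdecoder"

# valid_ed25519_pubkey LINE -> 0 if LINE is "ssh-ed25519 <68 base64 chars> [comment]"
# (fields separated by single spaces, as ssh-keygen writes them)
valid_ed25519_pubkey() {
    keytype=${1%% *}
    rest=${1#* }
    blob=${rest%% *}
    [ "$keytype" = "ssh-ed25519" ] || return 1
    case "$blob" in "$ED25519_BLOB_PREFIX"*) ;; *) return 1 ;; esac
    # 4+11+4+32 wire bytes encode to exactly 68 base64 characters, no padding
    [ "${#blob}" -eq 68 ] || return 1
    case "$blob" in *[!A-Za-z0-9+/]*) return 1 ;; esac
    return 0
}

# install_authorized_key HOME_DIR LINE -> 0 if the key is present or was added,
# 2 if LINE is not an Ed25519 public key.  Re-running never duplicates a key.
install_authorized_key() {
    ssh_dir="$1/.ssh"
    valid_ed25519_pubkey "$2" || return 2
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$ssh_dir/authorized_keys" && chmod 600 "$ssh_dir/authorized_keys"
    grep -qxF "$2" "$ssh_dir/authorized_keys" && return 0   # already there
    printf '%s\n' "$2" >> "$ssh_dir/authorized_keys"
}

# count_authorized_keys HOME_DIR -> number of key lines (blank/comment lines skipped)
count_authorized_keys() {
    f="$1/.ssh/authorized_keys"
    [ -f "$f" ] || { echo 0; return 0; }
    grep -cv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" || true
}

# list_authorized_keys HOME_DIR -> one "type comment" line per key: the quick
# "only the keys I wanted" review the post recommends after ssh-copy-id
list_authorized_keys() {
    f="$1/.ssh/authorized_keys"
    [ -f "$f" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        keytype=${line%% *}
        rest=${line#* }
        case "$rest" in *' '*) comment=${rest#* } ;; *) comment='(no comment)' ;; esac
        printf '%s %s\n' "$keytype" "$comment"
    done < "$f"
}

# Demo against a scratch directory, so nothing under the real ~/.ssh changes.
demo_home=$(mktemp -d)
install_authorized_key "$demo_home" "$SAMPLE_KEY"
install_authorized_key "$demo_home" "$SAMPLE_KEY"        # second run: no duplicate
install_authorized_key "$demo_home" "ssh-rsa AAAAB3NzaC1yc2E unwanted" || echo "rejected: not ed25519"
echo "keys: $(count_authorized_keys "$demo_home")"       # keys: 1
list_authorized_keys "$demo_home"                         # ssh-ed25519 geekdecoder
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

To use it on a real server, call install_authorized_key with the account's home directory and the contents of id_ed25519.pub; list_authorized_keys is the check to run after ssh-copy-id, and any type or comment you do not recognise is a line to remove before logging out of the password session.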

Adding Your Key to SSH Agent

You can find your newly generated private key at ~/.ssh/id_ed25519 and your public key at ~/.ssh/id_ed25519.pub. Always remember that your public key is the one that you copy to the target host for authentication.

Before adding your new private key to the SSH agent, make sure that the SSH agent is running by executing the following command:

# eval "$(ssh-agent -s)"

Then run the following command to add your newly generated Ed25519 key to the SSH agent:

# ssh-add ~/.ssh/id_ed25519

Or, if you want to add all of the default identity files under ~/.ssh (id_rsa, id_ed25519, and so on), simply run:

# ssh-add

If you want to log in to the server with just the hostname instead of the full domain, i.e. "ssh server1" instead of "ssh -p '22' 'root@server.com'", then add a hostname entry on the client with the following:

# nano /etc/hosts
ip.of.the.server  server1.server.com        server1

Now try the short ssh:

# ssh server1
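The /etc/hosts entry only shortens the name: "ssh server1" still connects as the local user, and a non-default port or a specific key still has to be given on each call. A Host block in ~/.ssh/config carries the hostname, user, port and key together, which is what makes the short form complete. The block below is an added example, not code from the original post; the alias, hostname, user and port are the post's, while the function names and the config-file parameter (so it can be exercised against a scratch file instead of the real ~/.ssh/config) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post: the /etc/hosts entry only
# shortens the name; user and port still have to be typed each time.  A Host
# block in ~/.ssh/config carries hostname, user, port and key, so "ssh server1"
# does everything at once.  Alias, hostname, user and port are the post's; the
# config path is a parameter so the function can run against a scratch file.

# ssh_host_block ALIAS HOSTNAME USER PORT IDENTITY -> prints one Host block.
# IdentitiesOnly stops ssh from offering every key the agent holds (the post
# loads them all with a bare ssh-add) before the intended one.
ssh_host_block() {
    printf 'Host %s\n    HostName %s\n    User %s\n    Port %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# add_ssh_host_alias CONFIG ALIAS HOSTNAME USER PORT IDENTITY
# -> 0 if the block was appended, 3 if CONFIG already has a "Host ALIAS" entry.
add_ssh_host_alias() {
    cfg=$1; name=$2; shift 2
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg" && chmod 600 "$cfg"      # ssh rejects a config others can write
    # Match "Host ALIAS" as a whole word so "server1" does not match "server10".
    grep -qE "^[[:space:]]*Host[[:space:]]+$name([[:space:]]|\$)" "$cfg" && return 3
    ssh_host_block "$name" "$@" >> "$cfg"
}

# Demo against a scratch file, so the real ~/.ssh/config is left alone.
demo_cfg=$(mktemp -d)/config
add_ssh_host_alias "$demo_cfg" server1 server1.server.com root 22 '~/.ssh/id_ed25519'
add_ssh_host_alias "$demo_cfg" server1 server1.server.com root 22 '~/.ssh/id_ed25519' \
    || echo "alias already present, not duplicated"
cat "$demo_cfg"
rm -rf "$(dirname "$demo_cfg")"
```

Point the function at the real ~/.ssh/config instead of the scratch path to apply it. Before connecting, "ssh -G server1" prints the settings ssh will actually use for that alias (hostname, user, port, identityfile), which is the quickest way to confirm the block was picked up and that no earlier Host entry overrides it.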
