Ed25519 was introduced in OpenSSH version 6.5. It is the EdDSA implementation using the Twisted Edwards curve. It offers better security with faster performance compared to DSA or ECDSA. It is also compact: an Ed25519 public key contains only 68 characters, compared to 544 characters for RSA 3072. Generating the key is fast, and so is batch signature verification with Ed25519.

To test, you will need a client and a test server. The client is where we generate the keys. Generating keys produces a private key and a public key. We then copy the public key to the test server. When we ssh to the test server, the private key on the client matches the public key that we copied to the test server.

To generate a new pair of SSH keys that uses the Ed25519 algorithm, run the following on the client:
# ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "somename"
Generating public/private ed25519 key pair.
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:S5mglsGaa7byro5iFvC01VyFt+plsvrt5SLtTTzUHVU geekdecoder
The key's randomart image is:
+--[ED25519 256]--+
| o. E|
| . o . .|
| oo.. . . . |
|. .o.+o. o. . ..|
|.ooo+ S. . . .|
| .oo .o.oo |
| = ..* = |
|+= . +.o= . |
|B*+ .o.++.o |
+----[SHA256]-----+
-f : Specifies the filename of the key file, used to specify a name other than the default
-a : Number of primality tests while screening DH-GEX candidates
-t : Type of key (RSA, ED25519, DSA, etc.)
-C : Comment (not used in the algorithm, only used in the public key)
-o : OpenSSH key format instead of the older PEM format (needs OpenSSH 6.5+)
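The 68-character figure and the fingerprint printed by ssh-keygen both follow from the layout of the public key line, which the following added example (not part of the original post) parses and validates. The function names and the sample key bytes are constructed for illustration, and the code assumes a plain id_ed25519.pub-style line without authorized_keys options.

```python
import base64
import hashlib
import struct

def build_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Encode a raw Ed25519 public key as an id_ed25519.pub-style line."""
    ktype = b"ssh-ed25519"
    blob = (struct.pack(">I", len(ktype)) + ktype
            + struct.pack(">I", len(raw_key)) + raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string: uint32 big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def inspect_pubkey(line: str) -> dict:
    """Validate an ssh-ed25519 public key line and return its properties."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, pos = _read_string(blob, 0)
    key, pos = _read_string(blob, pos)
    if fields[0] != "ssh-ed25519" or inner_type != b"ssh-ed25519":
        raise ValueError("not an ssh-ed25519 key, or outer/inner type mismatch")
    if len(key) != 32 or pos != len(blob):
        raise ValueError("Ed25519 key must be 32 bytes with no trailing data")
    # Same form as the "SHA256:..." fingerprint shown by ssh-keygen:
    # unpadded base64 of the SHA-256 digest of the decoded key blob.
    digest = hashlib.sha256(blob).digest()
    return {
        "base64_chars": len(fields[1]),
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        "comment": fields[2] if len(fields) > 2 else "",
    }

# Constructed sample: 32 fixed bytes standing in for a public key (not a real key).
SAMPLE_LINE = build_pubkey_line(bytes(range(32)), "somename")

if __name__ == "__main__":
    print(inspect_pubkey(SAMPLE_LINE))
```

Comparing the fingerprint computed for an entry in authorized_keys on the server with the one printed at key generation confirms that the installed key is the one you created.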
On the server, check for the .ssh directory. If it is not there, you will need to create it.
On Server, make directory and set permissions
# mkdir -p ~/.ssh
# chmod 0700 ~/.ssh
On Client, Copy Public SSH Key to Server
Using the command “ssh-copy-id” is the preferred way. You will need to have ssh access to the server to copy the key.
Here is the command:
# ssh-copy-id -i ~/.ssh/id_ed25519.pub email@example.com -p22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@somehost's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p '22' 'firstname.lastname@example.org'"
and check to make sure that only the key(s) you wanted were added.
If you want to log in to the server with just the hostname instead of the full domain, that is, "ssh server1" instead of "ssh -p '22' 'email@example.com'", add a hostname entry on the client (in /etc/hosts) with the following:
ip.of.the.server server1.server.com server1
Now try the short ssh:
# ssh server1
Linux v1.bytesoil.host 4.19.0-11-amd64 #1 SMP Debian 4.19.146-1 (2020-09-17) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Nov 19 15:38:24 2020 from 18.104.22.168
root@server1:~#