Just out of curiosity, ascertain what keys you have on your machine by issuing the following command:

for key in ~/.ssh/id_*; do ssh-keygen -l -f "${key}"; done | uniq

Generate new ED25519 key pair

ssh-keygen -o -a 256 -t ed25519 -C "$(hostname)-$(date +'%d-%m-%Y')"

Executing the command above will generate a new pair of Ed25519 keys. When asked, provide a strong password for the key pair.

$ ~/.ssh/id_ed25519     #Private key
$ ~/.ssh/id_ed25519.pub #Public key

Let’s have a brief look at each option.

-o will use OpenSSH format for the new keys
-a specifies the number (amount) of key derivation rounds (KDF)
-t specifies the type; in this case Ed25519
-C adds an optional comment that helps with identifying the key

Using the new keys

Now, simply add the public key to the authorized keys of the machine you would like to login to. In order to retrieve the public key, use the following command and copy & paste the output of said command.

cat ~/.ssh/id_ed25519.pub

Sprinkle a bit of convenience on top

Now if you’re like me and are using a Mac, you may use the Keychain to store your password, so you don’t have to always type it out when logging in to your server via ssh.

I added the following to ~/.ssh/config:

Host mtnr
    HostName mtnr.cloud
    UseKeychain yes
    IdentityFile ~/.ssh/id_ed25519

Now, when calling ssh mtnr, I can ssh into my server without specifying anything extra like e.g. which pair of keys to use for authentication and, I only have to type out the password once. All subsequent attempts will use the password stored in my Keychain.

Neat!

Further reading/sources:

• https://cryptsus.com/blog/how-to-secure-your-ssh-server-with-public-key-elliptic-curve-ed25519-crypto.html
• https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54