When it comes to ssh keys you’ll see a few posts referring to the older more common id_rsa, we will be generating that too but by default we’ll be using id_ed25519.

Ed25519 is a stronger key, utilising an elliptic curve encryption scheme. In time this key should replace dsa and rsa.

Our first step is to ensure OpenSSH is installed

Arch/Manjaro:

pacman -S openssh

debian\ubuntu

apt install openssh-client

Some may note a missing sudo there but we all know when and when not to su, don’t we?.

Now we can create the key, first rsa, just in case you have an old ssh server somewhere

   ssh-keygen -t rsa -b 4096 -C "somebody@example.com"

Follow the questions, they should be obvious and now we’ll repeat for the key we’ll actually be using.

ssh-keygen -t ed25519 -C "somebody@example.com"

You can change the default name of the key but you should keep them in ~/.ssh. We’ll now tell the system that this is your key:

ssh-add ~/.ssh/name_of_key

That’s it, you’re just about ready to connect to a box securely. Make sure to back up your keys and try to never lose them, they’re just like the keys to your house.

When you are telling a server about your keys, it’s your public key you share with the server, not the private key. The public key by default ends in .pub, on the server you should add that to ~/.ssh/authorized_keys for the account that will connecting or when you’re adding you key to github/gitlab, you’d paste your public key in settings->ssh.