Lately my computer network setup has grown more and more complicated. I have my server in the cloud, a NAS, a desktop work machine, a laptop and soon some Raspberry Pis too. In order to be able to easily connect from one to another I need to setup SSH between them. The default arguments to generate the keys are insecure and many sites on the Internet don't follow the best practices, so I am writing them down here so I can find them more easily.
We first need to generate a key on the source machine. There are several options available for algorithm choice: RSA is older, but still secure with a large enough key, while Ed25519 is newer, so it might not work if you connect to older software:
ssh-keygen -t rsa -b 4096 -o -a 100 ssh-keygen -t ed25519 -a 100
Then you need to copy the public part of the key to the destination server. Luckily, there is a tool that does just this:
For now, that's it. If I ever get really bored, I might set up my own SSH Certificate Authority. However, my todo list is long enough that I don't foresee getting bored anytime soon.