Lately my computer network setup has grown more and more complicated. I have my server in the cloud, a NAS, a desktop work machine, a laptop and soon some Raspberry Pis too. In order to be able to easily connect from one to another, I need to set up SSH between them. The default arguments to generate the keys are insecure and many sites on the Internet don't follow the best practices, so I am writing them down here so I can find them more easily.

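We first need to generate a key on the source machine. There are several options available for algorithm choice: RSA is older, but still secure with a large enough key, while Ed25519 is newer, so it might not work if you connect to older software. In both commands, -a 100 raises the number of key derivation rounds that protect the passphrase-encrypted private key, and -o (for RSA) saves the private key in the newer OpenSSH format instead of PEM: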

ssh-keygen -t rsa -b 4096 -o -a 100
ssh-keygen -t ed25519 -a 100

Then you need to copy the public part of the key to the destination server. Luckily, there is a tool that does just this:

ssh-copy-id user@destination
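To confirm that a private key really got the new format and the 100 rounds from the commands above, you can read the unencrypted header of the key file. The following is an added example, not part of the original post; the function names are made up for illustration, and make_sample builds a constructed, header-only sample with no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
HEADER = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:end], end

def inspect_private_key(text):
    """Return (format, cipher, kdf, rounds) from a private key file's text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    head = lines[0] if lines else ""
    if head != HEADER:
        if head.startswith("-----BEGIN ") and head.endswith("PRIVATE KEY-----"):
            return ("legacy-pem", None, None, 0)  # old PEM format, no bcrypt KDF
        raise ValueError("not a private key file")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    opts, off = _read_string(blob, off)
    rounds = 0
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, p = _read_string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, p)
    return ("openssh", cipher.decode(), kdf.decode(), rounds)

def meets_policy(text, min_rounds=100):
    """True only for a passphrase-protected new-format key with enough rounds."""
    fmt, cipher, kdf, rounds = inspect_private_key(text)
    return fmt == "openssh" and cipher != "none" and kdf == "bcrypt" and rounds >= min_rounds

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(cipher, kdf, rounds):
    """Constructed header-only sample for the demo; contains no key material."""
    opts = (_s(b"\x00" * 16) + struct.pack(">I", rounds)) if kdf == b"bcrypt" else b""
    blob = MAGIC + _s(cipher) + _s(kdf) + _s(opts) + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    return HEADER + "\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

To check a real key, pass the contents of the private key file to meets_policy. A key created without a passphrase shows cipher and kdf "none", in which case -a has no effect.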

For now, that's it. If I ever get really bored, I might set up my own SSH Certificate Authority. However, my to-do list is long enough that I don't foresee getting bored anytime soon.