When we create Unix / Linux instances in the cloud (regardless of the provider we usually use), we are asked to use a public / private key pair to secure access to the instances. Without this additional protection, relying only on a login and password, our systems are exposed to dictionary and brute-force attacks, which, depending on the strength of our password, will slow our attackers down to a greater or lesser degree.
Usually when we generate our keys we don't worry too much and assume that the keys are secure in themselves, but the reality is that, depending on the options we choose when creating them, they will be more or less robust.
The passphrase is important:
The passphrase is very important because it is used to encrypt the private key, so if someone obtains the private key file it is still protected: they would have to guess the passphrase before they could use it. ssh-keygen asks for the passphrase at generation time; if you leave it empty, the private key is written to disk in the clear. The passphrase must therefore be strong: long, random, and not reused anywhere else.
If you don't know how to generate a strong passphrase, you can find a random generator here.
Choosing the right algorithm and key size:
Well yes, we have several options, of which the most common are:
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
Which one do I use??
Well, I mainly use RSA 4096 and ed25519, depending on what the systems support. If you don't want to complicate things, RSA 4096 will give you good security and excellent portability. If you don't distrust that its curves were standardized by a government body (NIST), ECDSA is also an excellent option. DSA, by contrast, is no longer a good choice: SSH DSA keys are fixed at 1024 bits, and OpenSSH has disabled ssh-dss by default since version 7.0.
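To turn the two points above (a passphrase-protected private key, and a strong algorithm and key size) into something you can actually check on your machines, here is an added example, written for this page and not taken from the original post or from OpenSSH: it parses public key lines in the format of authorized_keys / id_*.pub and classifies them, and it reads the header of an OpenSSH private key file to see whether it was encrypted with a passphrase. The sample keys are constructed in the script (they are structurally valid but contain no real key material), and the verdict thresholds (RSA 3072 and above "ok", 2048 "acceptable", below that and any DSA "weak", ECDSA "acceptable") are this example's own choice, loosely following the recommendations in the text.

```python
"""Audit OpenSSH keys with the standard library only: is the private key
passphrase-protected, and is the public key algorithm/size a strong choice?
Added example for this page; not code from the original post or OpenSSH."""
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # header of the OpenSSH private key format


def _read_string(buf, off):
    """Read an SSH wire-format string: uint32 big-endian length + bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def _put_string(b):
    return struct.pack(">I", len(b)) + b


def _put_mpint(x):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    return _put_string(x.to_bytes((x.bit_length() + 8) // 8, "big"))


def audit_public_key(line):
    """Classify one public key line. Returns (algorithm, bits, verdict)."""
    algo, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    wire_algo, off = _read_string(blob, 0)
    if wire_algo.decode() != algo:
        raise ValueError("algorithm prefix does not match key blob")
    if algo == "ssh-ed25519":
        return algo, 256, "ok"
    if algo == "ssh-rsa":
        _e, off = _read_string(blob, off)          # public exponent
        n, _ = _read_string(blob, off)             # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits >= 3072:
            return algo, bits, "ok"
        return algo, bits, "acceptable" if bits >= 2048 else "weak"
    if algo.startswith("ecdsa-sha2-nistp"):
        # NIST curves: fine unless you distrust their provenance
        return algo, int(algo.rsplit("nistp", 1)[1]), "acceptable"
    if algo == "ssh-dss":
        p, _ = _read_string(blob, off)             # DSA prime p (1024 bits in SSH)
        return algo, int.from_bytes(p, "big").bit_length(), "weak"
    return algo, 0, "unknown"


def private_key_protection(pem):
    """Return (cipher, kdf) from an OpenSSH private key file.
    cipher == 'none' means the key sits on disk in the clear."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, _ = _read_string(blob, off)
    return cipher.decode(), kdf.decode()


def is_passphrase_protected(pem):
    cipher, kdf = private_key_protection(pem)
    return cipher != "none" and kdf != "none"


# --- constructed sample inputs (valid structure, no real key material) ---
def _fake_pub(algo, *fields):
    blob = _put_string(algo.encode()) + b"".join(fields)
    return f"{algo} {base64.b64encode(blob).decode()} constructed@example"


SAMPLE_KEYS = [
    _fake_pub("ssh-ed25519", _put_string(b"\x11" * 32)),
    _fake_pub("ssh-rsa", _put_mpint(65537), _put_mpint(1 << 4095 | 1)),   # 4096-bit
    _fake_pub("ssh-rsa", _put_mpint(65537), _put_mpint(1 << 1023 | 1)),   # 1024-bit
    _fake_pub("ssh-dss", _put_mpint(1 << 1023 | 1), _put_mpint(1 << 159 | 1),
              _put_mpint(2), _put_mpint(3)),
    _fake_pub("ecdsa-sha2-nistp521", _put_string(b"nistp521"),
              _put_string(b"\x04" + b"\x22" * 132)),
]


def _fake_private_key(cipher, kdf):
    """Constructed openssh-key-v1 header carrying only the fields inspected."""
    blob = MAGIC + _put_string(cipher) + _put_string(kdf) + _put_string(b"") + struct.pack(">I", 1)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode() + "\n-----END OPENSSH PRIVATE KEY-----\n")


UNPROTECTED_KEY = _fake_private_key(b"none", b"none")          # empty passphrase
PROTECTED_KEY = _fake_private_key(b"aes256-ctr", b"bcrypt")    # ssh-keygen with a passphrase

if __name__ == "__main__":
    for k in SAMPLE_KEYS:
        print(audit_public_key(k))
    print("unprotected:", is_passphrase_protected(UNPROTECTED_KEY))
    print("protected:", is_passphrase_protected(PROTECTED_KEY))
```

On a real system, feed each line of ~/.ssh/authorized_keys to audit_public_key and the contents of ~/.ssh/id_* to private_key_protection; a result of ("none", "none") on a private key means the file was generated without a passphrase and is usable by anyone who copies it.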
I hope you have found it of interest!!!