
SSH keys use strong encryption

What

A strong key size is required to prevent brute-forcing of the private key, or at least to delay it.

How to fix

To check the strength of a key:

  • Open the Terminal app and type:
    ssh-keygen -l -f ~/.ssh/id_rsa
  • Replace id_rsa with the name of the key that was reported
  • Press Enter; the first value returned is the key size

Recommended key sizes are as follows:

  • For the RSA algorithm, at least 2048; 4096 is recommended
  • The DSA algorithm should not be used
  • For the ECDSA algorithm, it should be 521
  • For ED25519, the key size should be 256 or larger
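
The check and the sizes above can be combined into one script. This is an added example, not Pareto Security's own check code: the function names `check_key_line` and `audit_keys`, the verdict wording and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Grade `ssh-keygen -l` output ("<bits> <fingerprint> <comment> (<TYPE>)")
# against the key sizes listed on this page. Returns 0 ok, 1 fail, 2 not graded.
check_key_line() {
    bits=${1%% *}          # first field is the key size in bits
    type=${1##*\(}         # key type sits in the last "(...)" group
    type=${type%\)}
    case $bits in
        ''|*[!0-9]*) echo "unknown: cannot parse key size"; return 2 ;;
    esac
    case $type in
        RSA)
            if [ "$bits" -lt 2048 ]; then echo "fail: RSA $bits, need at least 2048"; return 1; fi
            if [ "$bits" -lt 4096 ]; then echo "ok: RSA $bits meets the minimum, 4096 recommended"; return 0; fi
            echo "ok: RSA $bits" ;;
        DSA) echo "fail: DSA should not be used"; return 1 ;;
        ECDSA)
            if [ "$bits" -ne 521 ]; then echo "fail: ECDSA $bits, should be 521"; return 1; fi
            echo "ok: ECDSA $bits" ;;
        ED25519)
            if [ "$bits" -lt 256 ]; then echo "fail: ED25519 $bits, need 256 or larger"; return 1; fi
            echo "ok: ED25519 $bits" ;;
        *) echo "unknown: type '$type' is not covered by this page"; return 2 ;;
    esac
}

# Grade every public key in a directory (a private key file gives the same output).
audit_keys() {
    for f in "$1"/*.pub; do
        [ -e "$f" ] || continue
        printf '%s: ' "$f"
        check_key_line "$(ssh-keygen -l -f "$f")" || true
    done
}

# With a directory argument, audit it; otherwise grade constructed sample lines.
if [ "$#" -gt 0 ]; then
    audit_keys "$1"
else
    # Constructed samples; the fingerprints are placeholders, not real keys.
    for line in \
        "1024 SHA256:PLACEHOLDER old@example (RSA)" \
        "3072 SHA256:PLACEHOLDER dev laptop (RSA)" \
        "256 SHA256:PLACEHOLDER ci@example (ECDSA)" \
        "256 SHA256:PLACEHOLDER me@example (ED25519)"
    do
        check_key_line "$line" || true
    done
fi
```

Run it with `~/.ssh` as the argument to grade the keys on the machine; key types the page does not list, such as hardware-backed `-SK` keys, are reported as not graded rather than guessed at.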

Sources: NIST, SSH Academy.

If you want to create a new strong SSH key, the GitHub docs provide a great starting point.

See code on GitHub