[tyrel]

Seeing a key with substring of "Tyr" as the username and that substring of my key matching scared me a bit.

If you want to check how many bits your key is, use

ssh-keygen -l -f ~/.ssh/your_key.pub

(It wasn't mine, while it is an older key, mine is larger than 768 thankfully)

Edit: look at timdorr's example for a better visual.

[timdorr]

Most people will want to run this verbatim:

  ssh-keygen -l -f ~/.ssh/id_rsa.pub

You'll get an output like so:

  ⚡~ $ ssh-keygen -l -f ~/.ssh/id_rsa.pub
  2048 f6:2d:94:54:c0:96:18:64:24:fb:c2:ad:ed:6a:1d:68  timdorr@Pixelicious.local (RSA)

[philo23]

There's probably a better way of doing it, but this should check all your public keys if you use more than one, assuming they're in ~/.ssh

  for file in $(ls ~/.ssh/*.pub); do ssh-keygen -lf $file; done

[morganm]

Not better, but could also be written as:

  find ~/.ssh -name '*.pub' | xargs ssh-keygen -lf

Here's a simple bash function to check all your GitHub keys:

  function check_github_keys {
    username=$1
    i=0
    curl -sw "\n" "https://github.com/${username}.keys" | while IFS="\n" read -r line ; do
      tmp=`mktemp -t githubkey`;
      echo "$line" > $tmp
      res=$(ssh-keygen -lf $tmp)
      rm $tmp
      ((i=i+1))
      echo "${username}.keys:${i}  ${res/ $tmp/}"
    done
  }

Invoke as:

  check_github_keys <username>

I'm sure there's a better way to write that one though!

[bobbyi_settv]

Your initial "find" version would be better if it used print0 because it would avoid failing on files with spaces in their names:

find ~/.ssh -name '*.pub' -print0 | xargs -0 ssh-keygen -lf

[motoboi]

This of course can be rewritten as find ~/.ssh -name \*.pub -exec ssh-keygen -lf {} \;

[atombender]

If you use ssh-agent, you can do:

    ssh-add -l

to list all your registered keys.

[Killswitch]

    4096 63:f2:23:00:c9:0d:07:3b:6d:ad:4d:a9:98:32:f5:25  ***@*** (RSA)

Am I good?

[wwwhizz]

Your key is 4096 bits, you're good.

[tyrel]

True, this will be default if you don't namespace your keys and use ssh config files like I do, I should have just said that.

[_lce0]

how much safe are we, with a 2048 bits key?

is this something we should be upgrading (like to 4096) in the near future?

[agwa]

Not much point in upgrading from 2048 bit RSA to 4096 bit RSA. Instead, you should plan to upgrade to ed25519 keys when your client and servers support them - faster and better security than RSA.

[BlackFingolfin]

Of course that is an "if" one should carefully think about -- e.g. it is OK if all you are using is OpenSSH at version 6.5 or later. (That can be a problem with many older boxes). But other than that, last I checked only SSH.NET and tinyssh supported ed25519 keys. Shameless plug for some more data on this: http://ssh-comparison.quendi.de/comparison.html (yeah, that page could be a lot better -- pull requests are welcome)

[therealmarv]

Does anybody have a good (and easy!) guide how to do that on my Mac or Linux machine (client and server) ?

[agwa]

If you have experience with RSA key pairs, using ed25519 key pairs is easy. To generate a key pair just run: ssh-keygen -t ed25519

As with RSA, this command generates a public and private key file. Put the public key in the authorized_keys file on the server side.

You'll need OpenSSH 6.4 on both the server and the client side. If you have an older version, I would not recommend upgrading outside of your operating system's normal upgrade channel because then you'll be responsible for security updates. Instead I would wait until your operating system has it.

[toothbrush]

It amounts to doing this:

  $ ssh-keygen -t ed25519

As usual, on the server, you do something like

  $ cat generated-key.pub >> ~you/.ssh/authorized_keys

EDIT: sibling post was quicker off the bat. Oh well, that'll teach me to not refresh a tab :p

[duskwuff]

2048 is fine for the foreseeable future; it's the same key length used for most SSL certificates (including CAs!). Your next key upgrade should probably be to another key type entirely, most likely ED25519.

[mbesto]

I don't have a qualified answer but given he says it would take 24 minutes to crack a 256bit key and 3 days to do a 512bit, I would extrapolate (given exponentially difficulty as you add more bits) to roughly:

- 180x per doubling bit size would be - 512 doubled twice, would mean 3 days * 180 * 180 = 97,200 days

I think you're safe.

[agwa]

That's not how the math works.

First, 2048 bits is not 512 bits doubled twice, but rather doubled 1536 times (512 doubled twice would be 514). If this were a symmetric cipher, you could stop here and conclude that a 2048 bit key was 2^1536 times stronger than a 512 bit key.

However, RSA has diminishing returns on security as you increase the key length. The strength is determined by the complexity of the GNFS, the fastest known way of breaking RSA[1]. That tells us that breaking 256-bit RSA takes ~2^46 operations, 512-bit RSA takes ~2^63, 2048-bit RSA takes ~2^116, and 4096-bit RSA takes ~2^156. 2^116 is a lot of operations - they say the amount of energy required to break that would be nearly enough to boil all the water on earth.

[1] http://crypto.stackexchange.com/questions/8687/security-stre...

[mikekchar]

> they say the amount of energy required to break that would be nearly enough to boil all the water on earth.

Not wanting to be alarmist, but what you're saying is that someone breaking my ssh key (which is 2048 bits) is the end of the world...

[therealmarv]

great answer!

[knappe]

On his/her admittedly subpar machine. Keep in mind that this will vary wildly for different hardware.

[finicky]

i had the same moment of panic and ended up removing old keys and regenerating my keys that are in use. i wish i'd seen this comment beforehand -_-