SSH Key with Ed25519

With my last team, at the request of Ryan, our CTO, I stopped using RSA for my public keys and started using Ed25519.

Ed25519 uses elliptic curve cryptography with good security and performance. That’s the real reason to use it. My favorite thing about it, though, is when the whole team uses Ed25519 instead of RSA, a server’s ~/.ssh/authorized_keys file looks 😍:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAePksB5aPc6sww+RMzJwpVuDhRAgzOKP1Q/o3suIbw alice@home.local
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEB/O/VwAvqWIV/EN9aHjHAg/9JYsX/Ce2yvr5wPI3gZ bob@work.local
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAYG1rgF4YSSBwtinbhFLR/Qeah11jYcQpf6lX4yql60 carol@home.local

Create the key:

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "$(whoami)@$(hostname)"

Start the SSH agent:

eval "$(ssh-agent -s)"

Update ~/.ssh/config:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

Host github.com
  Hostname ssh.github.com
  Port 443

Add the private key to the SSH agent on macOS:

ssh-add -K ~/.ssh/id_ed25519