Skip to content

Instantly share code, notes, and snippets.

@hrdtbs
Created June 2, 2018 10:25
Show Gist options
  • Star 25 You must be signed in to star a gist
  • Fork 9 You must be signed in to fork a gist
  • Save hrdtbs/ba50868d7d608b89f958fe32dc35fdd4 to your computer and use it in GitHub Desktop.
Save hrdtbs/ba50868d7d608b89f958fe32dc35fdd4 to your computer and use it in GitHub Desktop.
Connect to Github with ED25519

Connect to github with ED25519

2017/08/09 MacOS

Check SSH key

$ ls -al ~/.ssh

ls

  • -a : show all file
  • -l : show file details

Generate SSH key

$ cd ~/.ssh
$ ssh-keygen -t ed25519 -C "your-email@example.com"

ssh-keygen

  • -t : key type
  • -f : file name to store the key
  • -b : key bit number case ED25519: Fixed
  • -N : new pass pharase
  • -C : add new comment

Add to SSH agent

$ eval "$(ssh-agent -s)"
$ ssh-add -K ~/.ssh/id_ed25519

ssh-add

  • -K : key is registered in the key chain store and it is automatically called when the terminal is activated
  • -l : show list of registered keys

Register SSH Key in GitHub account

$ pbcopy < ~/.ssh/id_ed25519.pub

Paste here

Check

ssh -T git@github.com
@englianhu
Copy link

Before proceeding, here is some context: When building new things, it is usually better to use the Elliptic Curve technology algorithm Ed25519 instead of RSA. There is also ECDSA — which has had a comparatively slow uptake, for a number of reasons — that is widely available and is a reasonable choice when Ed25519 is not available. There are also post-quantum algorithms, but they are newer and adopting them today requires a careful cost-benefit analysis.

Kindly refer to Why I don’t Use 2048 or 4096 RSA Key Sizes for more information.

Conclusion
When it comes down to it, the choice is between RSA 2048⁄4096 and Ed25519 and the trade-off is between performance and compatibility. RSA is universally supported among SSH clients while EdDSA performs much faster and provides the same level of security with significantly smaller keys. Peter Ruppel puts the answer succinctly:

The short answer to this is: as long as the key strength is good enough for the foreseeable future, it doesn’t really matter. Because here we are considering a signature for authentication within an SSH session. The cryptographic strength of the signature just needs to withstand the current, state-of-the-art attacks.
Ed25519 for SSH

Kindly refer to Comparing SSH Keys - RSA, DSA, ECDSA, or EdDSA? for more information.

@meiyujack
Copy link

@meiyujack
Copy link

Do Not use -K at "ssh-add -K ~/.ssh/id_ed25519" , or can't fix it. Details: https://bbs.archlinux.org/viewtopic.php?id=280696 Although installed libfido2, but https://forums.freebsd.org/threads/freebsd13-and-yubikey-bio-for-ssh.86710/ so https://stackoverflow.com/questions/64043238/enter-pin-for-authenticator-issue-related-to-ssh

I figure out it's Mac.lol
PC_linux look here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment