RSA Password Protected SSH Key

These instructions are for creating a non-hardware-protected RSA key. The new key should be password-protected.

The advantages of using RSA SSH Keys:

  1. Does not require any hardware.

  2. Simple to generate.

  3. While RSA keys are not as secure as ED25519-SK, they are still much better than traditional "password-protected" accounts.

  4. Still considered "two factors", as it is a key (something you have) and a password to use the private key (something you know).

  5. RSA keys are supported by almost every version of SSH regardless of the platform (Windows, Linux, OpenBSD, etc.).

  6. In some situations, such as a "jump box", it might be difficult to securely pass -sk (ECDSA-SK/ED25519-SK) keys.

The disadvantages of RSA SSH Keys:

  1. Considered less secure than modern protocols.

  2. Private keys can be generated without passwords, and there is no way to determine from the public key if a password has been used or not. This might lead to auditing issues. If the private key is on a jump box, it can be tested via a script to determine if a password has been used.
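One way to script the check mentioned in item 2, as an added example that is not part of the original page: it reads the header of each private key file to see whether the key is stored encrypted, without trying any passphrases. The function names and the constructed sample (header fields only, no key material) are assumptions for illustration.

```python
import base64
import sys

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def _ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    head = buf[off:off + 4]
    n = int.from_bytes(head, "big")
    if len(head) < 4 or off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def key_is_encrypted(text):
    """True if the private key needs a passphrase, False if it does not."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    begin, body = lines[0], [l for l in lines[1:] if not l.startswith("-----")]
    if begin == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(body))
        if not blob.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # First field after the magic is the cipher name; "none" = no passphrase.
        return _ssh_string(blob, len(MAGIC)) != b"none"
    if begin == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if begin == "-----BEGIN PRIVATE KEY-----":            # PKCS#8, plaintext
        return False
    if begin.endswith(" PRIVATE KEY-----"):               # legacy RSA/EC/DSA PEM
        return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in body[:2])
    raise ValueError("unrecognised key type: " + begin)

def sample_openssh_key(cipher, kdf):
    """Constructed header-only sample (no key material) for demonstration."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    blob = MAGIC + s(cipher) + s(kdf) + s(b"") + (1).to_bytes(4, "big")
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for path in sys.argv[1:]:  # private key files to audit, e.g. on the jump box
        with open(path) as fh:
            try:
                state = "protected" if key_is_encrypted(fh.read()) else "NO PASSPHRASE"
            except ValueError as exc:
                state = "skipped (%s)" % exc
        print(path + ": " + state)
```

On a host with OpenSSH installed, `ssh-keygen -y -P "" -f <keyfile>` exiting successfully indicates the same thing: the key loads with an empty passphrase.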
