# RSA Password Protected SSH Key

These instructions are for creating a non-hardware-protected RSA key.  *The new key should be password-protected.*

## The advantages of using RSA SSH Keys:

1. Does not require any hardware.&#x20;
2. Simple to generate.
3. While RSA keys are not as secure as ED25519-SK,   they are still much better than traditional "password-protected" accounts.&#x20;
4. Still considered "two factors",  as it is a key (something you have) and a password to use the private key (something you know)
5. RSA keys are supported by almost every version of SSH regardless of the platform (Windows, Linux, OpenBSD, etc)
6. In some situations, such as a "jump box",  it might be difficult to securely pass -sk (ECDSA-SK/ED25519-SK) keys.&#x20;

## The disadvantages of RSA SSH Keys:

1. Considered less security than modern protocols.&#x20;
2. Private keys can be generated *without passwords*,  and there is no way to determine from the public key if a password has been used or not.  This might lead to auditing issues.  If the private key is on a jump box,  it can be tested via a script to determine if a password has been used.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.k9.io/key9-identity/ssh/installation-and-setup/rsa-password-protected-ssh-key.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.