SSH Public Key Authentication guide improvements (#6532)
* Clarification around different key pair types, command options, and file names

* Added tabs to differentiate between key pair commands
jddocs authored Aug 15, 2023
1 parent 06b1657 commit 1aa0833
Showing 1 changed file with 13 additions and 5 deletions.
Expand Up @@ -9,7 +9,7 @@ bundles: ['debian-security', 'centos-security', 'network-security']
modified_by:
name: Linode
published: 2011-04-05
modified: 2023-05-22
modified: 2023-08-10
title: "Use SSH Public Key Authentication on Linux, macOS, and Windows"
title_meta: "How to Use SSH Public Key Authentication"
image: use_public_key_authentication_with_ssh.png
Expand Down Expand Up @@ -86,29 +86,37 @@ If you'd like to set up your logins so that they require no user input, then cre

#### Encryption Algorithms

When generating a key pair for use with SSH, there are a few encryption algorithms that can be used. The two most common and recommended values include **Ed25519** and **RSA**, but users can also use **ecdsa** and **dsa**.
When generating a key pair for use with SSH, there are multiple encryption algorithms that can be used. The two most common and recommended values are **Ed25519** and **RSA**, but users can also use [**ECDSA**](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) and [**DSA**](https://en.wikipedia.org/wiki/Digital_Signature_Algorithm).

- **Ed25519** *(recommended)*: Supported in OpenSSH v6.5+. This type provides the best security when compared with its relative key length and is generally the fastest to generate and use.

- **RSA**: This is the most commonly used algorithm and is supported by almost all systems and OpenSSH versions. RSA keys are generally much longer than those generated by other algorithms. To maintain secure systems, we recommend generating RSA keys using a length of 4096-bits.
- **RSA**: This is the most commonly used algorithm and is supported by almost all systems and OpenSSH versions. RSA keys are generally much longer than those generated by other algorithms.

## Generate an SSH Key Pair

This section covers using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool (included with OpenSSH) to generate an SSH key on your system. OpenSSH (and ssh-keygen) are included by default on Linux and macOS. Windows 10 and 11 users may need to first install OpenSSH before continuing. Users of Windows 7 and below should use the [PuTTY instructions](#public-key-authentication-with-putty-on-windows) at the bottom of this page.

1. Run the command below to generate a new key using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool. Provided you are using relatively modern systems (both locally and remotely), we recommend generating keys using the Ed25519 algorithm.
1. Run the command below to generate a new key using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool. Provided you are using relatively modern systems (both locally and remotely), we recommend generating keys using the Ed25519 algorithm. If you prefer a different encryption algorithm, replace `ed25519` with your desired algorithm type. See the `-t` option below.

{{< tabs >}}
{{< tab "Ed25519 (recommended)" >}}
```command
ssh-keygen -t ed25519 -C "user@domain.tld"
``` {{< /tab >}}
{{< tab "RSA" >}}
```command
ssh-keygen -t rsa -b 4096 -C "user@domain.tld"
```
{{< /tab >}}
{{< /tabs >}}

- `-t`: This defines the type of key you are generating (the algorithm that's used). Possible values include `ed25519` (recommended), `rsa` (recommended only for older systems), `ecdsa`, `dsa`, and two other types designated for security keys (`ed25519-sk` and `ecdsa-sk`).
- `-C`: An optional comment to help you distinguish between SSH keys, especially on remote systems that may have multiple authorized keys. Commonly, email addresses are used in the comment fields.
- `-b`: The bit length used when generating RSA, ECDSA, or DSA keys. For RSA keys, it is recommended that you specify a bit length of 4096.
1. When prompted for the file name, press <kbd>Enter</kbd> to use the default name and path. Typically, SSH keys are stored in the `~/.ssh/` directory. Private keys using Ed25519 are saved with the name `id_ed25519` be default while RSA keys use the name `id_rsa` by default. Public keys use the same file name but are appended with `.pub`.
1. When prompted for the file name, press <kbd>Enter</kbd> to use the default name and path. Typically, SSH keys are stored in the `~/.ssh/` directory. Private keys using Ed25519 are saved with the name `id_ed25519` be default while RSA keys use the name `id_rsa` by default. Public keys use the same file name but are appended with `.pub` (for example: `id_ed25519.pub`).
```output
Generating public/private ed25519 key pair.
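Review bot: The rewritten intro under "Encryption Algorithms" and the new sentence in step 1 ("If you prefer a different encryption algorithm, replace `ed25519` ...") call Ed25519, RSA, ECDSA and DSA encryption algorithms, but SSH key pairs are used to sign during authentication, and both links added here point to articles named "Digital Signature Algorithm". Suggest "key types" or "signature algorithms", which also matches the `-t` bullet's "the type of key you are generating". The changed file-name step still reads "`id_ed25519` be default"; since the line is being touched anyway, fix it to "by default". As rendered here, the closing fence of the Ed25519 tab shares a line with `{{< /tab >}}` while the RSA tab keeps them on separate lines; confirm the fence closes on its own line so the shortcode is not swallowed into the code block.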