From 1aa0833de958d9c27bf6a1e59f31634a9ef04175 Mon Sep 17 00:00:00 2001 From: John Dutton <118553549+jddocs@users.noreply.github.com> Date: Tue, 15 Aug 2023 15:35:56 -0400 Subject: [PATCH] SSH Public Key Authentication guide improvements (#6532) * Clarification around different key pair types, command options, and file names * Added tabs to differentiate between key pair commands --- .../index.md | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/docs/guides/security/ssh/use-public-key-authentication-with-ssh/index.md b/docs/guides/security/ssh/use-public-key-authentication-with-ssh/index.md index d6368cf6b58..e3c67a27235 100644 --- a/docs/guides/security/ssh/use-public-key-authentication-with-ssh/index.md +++ b/docs/guides/security/ssh/use-public-key-authentication-with-ssh/index.md @@ -9,7 +9,7 @@ bundles: ['debian-security', 'centos-security', 'network-security'] modified_by: name: Linode published: 2011-04-05 -modified: 2023-05-22 +modified: 2023-08-10 title: "Use SSH Public Key Authentication on Linux, macOS, and Windows" title_meta: "How to Use SSH Public Key Authentication" image: use_public_key_authentication_with_ssh.png 
@@ -86,21 +86,29 @@ If you'd like to set up your logins so that they require no user input, then cre #### Encryption Algorithms -When generating a key pair for use with SSH, there are a few encryption algorithms that can be used. The two most common and recommended values include **Ed25519** and **RSA**, but users can also use **ecdsa** and **dsa**. +When generating a key pair for use with SSH, there are multiple encryption algorithms that can be used. The two most common and recommended values are **Ed25519** and **RSA**, but users can also use [**ECDSA**](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) and [**DSA**](https://en.wikipedia.org/wiki/Digital_Signature_Algorithm). - **Ed25519** *(recommended)*: Supported in OpenSSH v6.5+. This type provides the best security when compared with its relative key length and is generally the fastest to generate and use. -- **RSA**: This is the most commonly used algorithm and is supported by almost all systems and OpenSSH versions. RSA keys are generally much longer than those generated by other algorithms. To maintain secure systems, we recommend generating RSA keys using a length of 4096-bits. +- **RSA**: This is the most commonly used algorithm and is supported by almost all systems and OpenSSH versions. RSA keys are generally much longer than those generated by other algorithms. ## Generate an SSH Key Pair This section covers using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool (included with OpenSSH) to generate an SSH key on your system. OpenSSH (and ssh-keygen) are included by default on Linux and macOS. Windows 10 and 11 users may need to first install OpenSSH before continuing. Users of Windows 7 and below should use the [PuTTY instructions](#public-key-authentication-with-putty-on-windows) at the bottom of this page. -1. Run the command below to generate a new key using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool. 
Provided you are using relatively modern systems (both locally and remotely), we recommend generating keys using the Ed25519 algorithm. +1. Run the command below to generate a new key using the [ssh-keygen](https://man7.org/linux/man-pages/man1/ssh-keygen.1.html) tool. Provided you are using relatively modern systems (both locally and remotely), we recommend generating keys using the Ed25519 algorithm. If you prefer a different encryption algorithm, replace `ed25519` with your desired algorithm type. See the `-t` option below. + {{< tabs >}} + {{< tab "Ed25519 (recommended)" >}} ```command ssh-keygen -t ed25519 -C "user@domain.tld" + ``` {{< /tab >}} + {{< tab "RSA" >}} + ```command + ssh-keygen -t rsa -b 4096 -C "user@domain.tld" ``` + {{< /tab >}} + {{< /tabs >}} - `-t`: This defines the type of key you are generating (the algorithm that's used). Possible values include `ed25519` (recommended), `rsa` (recommended only for older systems), `ecdsa`, `dsa`, and two other types designated for security keys (`ed25519-sk` and `ecdsa-sk`). 
@@ -108,7 +116,7 @@ This section covers using the [ssh-keygen](https://man7.org/linux/man-pages/man1 - `-b`: The bit length used when generating RSA, ECDSA, or DSA keys. For RSA keys, it is recommended that you specify a bit length of 4096. -1. When prompted for the file name, press Enter to use the default name and path. Typically, SSH keys are stored in the `~/.ssh/` directory. Private keys using Ed25519 are saved with the name `id_ed25519` be default while RSA keys use the name `id_rsa` by default. Public keys use the same file name but are appended with `.pub`. +1. When prompted for the file name, press Enter to use the default name and path. Typically, SSH keys are stored in the `~/.ssh/` directory. Private keys using Ed25519 are saved with the name `id_ed25519` be default while RSA keys use the name `id_rsa` by default. Public keys use the same file name but are appended with `.pub` (for example: `id_ed25519.pub`). ```output Generating public/private ed25519 key pair.
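Review bot: In the `@@ -86,21 +86,29 @@` hunk, the sentence added to step 1 ("If you prefer a different encryption algorithm, replace `ed25519` with your desired algorithm type") leads a reader who wants RSA to run `ssh-keygen -t rsa` with no `-b`, while the new RSA tab and the `-b` description both call for 4096 bits, and this same hunk deletes the 4096-bit recommendation from the RSA bullet. Suggest pointing RSA users at the RSA tab and telling readers who pick any other type to check `-b` as well as `-t`, or keeping the 4096-bit sentence in the bullet. Separately, the rewritten intro still says "encryption algorithms" although the links it adds go to the Elliptic Curve Digital Signature Algorithm and Digital Signature Algorithm articles; "signature algorithms" or "key types" would match what is being linked.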
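Review bot: In the `@@ -108,7 +116,7 @@` hunk, the rewritten step still reads "saved with the name `id_ed25519` be default"; since the line is being changed anyway, correct "be default" to "by default". The new parenthetical gives only `id_ed25519.pub` as an example, so adding `id_rsa.pub` would cover readers who followed the RSA tab introduced earlier in this patch.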