diff --git a/mantle/network/ssh.go b/mantle/network/ssh.go
index 14979db4ab..f4a86d9a51 100644
--- a/mantle/network/ssh.go
+++ b/mantle/network/ssh.go
@@ -15,8 +15,9 @@
 package network
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
-	"crypto/rsa"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -30,7 +31,6 @@ import (
 const (
 	defaultPort = 22
 	defaultUser = "core"
-	rsaKeySize  = 2048
 )
 
 // DefaultSSHDir is a process-global path that can be set, and
@@ -57,7 +57,7 @@ type SSHAgent struct {
 // NewSSHAgent constructs a new SSHAgent using dialer to create ssh
 // connections.
 func NewSSHAgent(dialer Dialer) (*SSHAgent, error) {
-	key, err := rsa.GenerateKey(rand.Reader, rsaKeySize)
+	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
 		return nil, err
 	}
diff --git a/mantle/platform/conf/conf_test.go b/mantle/platform/conf/conf_test.go
index 4f94ff7c4f..297086af26 100644
--- a/mantle/platform/conf/conf_test.go
+++ b/mantle/platform/conf/conf_test.go
@@ -52,7 +52,7 @@ func TestConfCopyKey(t *testing.T) {
 
 		str := conf.String()
 
-		if !strings.Contains(str, "ssh-rsa ") || !strings.Contains(str, " core@default") {
+		if !strings.Contains(str, "ecdsa-sha2-nistp256 ") || !strings.Contains(str, " core@default") {
 			t.Errorf("ssh public key not found in config %d: %s", i, str)
 			continue
 		}