use ed25519 keys instead of rsa keys (#362)

timball · hubwriter · web-flow · commit 079c229d5195 · 2020-11-03T11:23:04.000Z
* use ed25519 keys instead of rsa keys

RSA keys are outdated. Even by using larger 4096 keys maybe it's best to move away from rsa keys altogether. 

This PR updates the document to suggest using ed25519 keys which, at this time, defaults to a 16 round key deviation function. It may be useful to suggest more rounds for the KDF but that's for a different PR. 

--timball

* Add RSA fallback and change id_rsa to id_ed25519

Co-authored-by: hubwriter &lt;54933897+hubwriter@users.noreply.github.com&gt;
Co-authored-by: hubwriter &lt;hubwriter@github.com&gt;
diff --git a/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md b/content/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent.md
@@ -20,34 +20,42 @@ If you don't want to reenter your passphrase every time you use your SSH key, yo
 {% data reusables.command_line.open_the_multi_os_terminal %}
 2. Paste the text below, substituting in your {% data variables.product.product_name %} email address.
   ```shell
-  $ ssh-keygen -t rsa -b 4096 -C "<em>your_email@example.com</em>"
+  $ ssh-keygen -t ed25519 -C "<em>your_email@example.com</em>"
   ```
+  {% note %}
+
+  **Note:** If you are using a legacy system that doesn't support the Ed25519 algorithm, use:
+  ```shell
+   $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
+  ```
+
+  {% endnote %}  
   This creates a new ssh key, using the provided email as a label.
   ```shell
-  > Generating public/private rsa key pair.
+  > Generating public/private ed25519 key pair.
   ```
 3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location.
 
   {% mac %}
 
   ```shell
-  > Enter a file in which to save the key (/Users/<em>you</em>/.ssh/id_rsa): <em>[Press enter]</em>
+  > Enter a file in which to save the key (/Users/<em>you</em>/.ssh/id_ed25519): <em>[Press enter]</em>
   ```
 
   {% endmac %}
 
   {% windows %}
 
   ```shell
-  > Enter a file in which to save the key (/c/Users/<em>you</em>/.ssh/id_rsa):<em>[Press enter]</em>
+  > Enter a file in which to save the key (/c/Users/<em>you</em>/.ssh/id_ed25519):<em>[Press enter]</em>
   ```
 
   {% endwindows %}
 
   {% linux %}
 
   ```shell
-  > Enter a file in which to save the key (/home/<em>you</em>/.ssh/id_rsa): <em>[Press enter]</em>
+  > Enter a file in which to save the key (/home/<em>you</em>/.ssh/id_ed25519): <em>[Press enter]</em>
   ```
 
   {% endlinux %}
@@ -81,18 +89,18 @@ Before adding a new SSH key to the ssh-agent to manage your keys, you should hav
       $ touch ~/.ssh/config
       ```
 
-    * Open your `~/.ssh/config` file, then modify the file, replacing ` ~/.ssh/id_rsa` if you are not using the default location and name for your `id_rsa` key.
+    * Open your `~/.ssh/config` file, then modify the file, replacing ` ~/.ssh/id_ed25519` if you are not using the default location and name for your `id_ed25519` key.
 
       ```
       Host *
         AddKeysToAgent yes
         UseKeychain yes
-        IdentityFile ~/.ssh/id_rsa
+        IdentityFile ~/.ssh/id_ed25519
       ```
 
 3. Add your SSH private key to the ssh-agent and store your passphrase in the keychain. {% data reusables.ssh.add-ssh-key-to-ssh-agent %}
    ```shell
-   $ ssh-add -K ~/.ssh/id_rsa
+   $ ssh-add -K ~/.ssh/id_ed25519
   ```
   {% note %}
 
