Change SSH key generation instructions to use the Ed25519 algorithm #876

Closed
10 tasks
hubwriter opened this issue Oct 28, 2020 · 3 comments
Labels
content This issue or pull request belongs to the Docs Content team good first issue Good for newcomers

Comments

@hubwriter
Contributor

hubwriter commented Oct 28, 2020

This is a follow-up to pull request #362, raised by @timball, which changed the recommended key signature algorithm from RSA to the more secure Ed25519.

There are another couple of topics that we should also update to match.

What article on docs.github.com is affected?

What part(s) of the article would you like to see updated?

"Monitoring cluster nodes"

  • In step 1 change:
nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096

to:

nagiosuser@nagios:~$ ssh-keygen -t ed25519
  • change:
Generating public/private rsa key pair.

to:

Generating public/private ed25519 key pair.
  • After the security warning box in step 1 add a note box:
  {% note %}

  **Note:** If you're using a distribution of Linux that doesn't support the Ed25519 algorithm, use the command:
  ```shell
  nagiosuser@nagios:~$ ssh-keygen -t rsa -b 4096
  ```

  {% endnote %}

Note that the blank lines in the above (after the opening note tag and before the closing tag) are required.

  • At the end of step 3, change ssh-rsa AAAA.... to ssh-ed25519 AAAA....

  • Change all instances of id_rsa in the rest of the page to id_ed25519


"Creating a pre-receive hook script"

  • In step 2 of "Testing pre-receive scripts locally", change:
  ssh-keygen -t rsa -b 4096 -f /home/git/.ssh/id_rsa -P '' && \
  mv /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys && \

to:

  ssh-keygen -t ed25519 -f /home/git/.ssh/id_ed25519 -P '' && \
  mv /home/git/.ssh/id_ed25519.pub /home/git/.ssh/authorized_keys && \
  • In step 5 of the same section, change:
> Step 2 : RUN apk add --no-cache git openssh bash && ssh-keygen -A && sed -i "s/#AuthorizedKeysFile/AuthorizedKeysFile/g"  /etc/ssh/sshd_config && adduser git -D -G root -h /home/git -s /bin/bash && passwd -d git && su git -c "mkdir /home/git/.ssh && ssh-keygen -t rsa -b 4096 -f /home/git/.ssh/id_rsa -P ' && mv /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys && mkdir /home/git/test.git && git --bare init /home/git/test.git"
>  ---> Running in e9d79ab3b92c

to:

> Step 2 : RUN apk add --no-cache git openssh bash && ssh-keygen -A && sed -i "s/#AuthorizedKeysFile/AuthorizedKeysFile/g"  /etc/ssh/sshd_config && adduser git -D -G root -h /home/git -s /bin/bash && passwd -d git && su git -c "mkdir /home/git/.ssh && ssh-keygen -t ed25519 -f /home/git/.ssh/id_ed25519 -P ' && mv /home/git/.ssh/id_ed25519.pub /home/git/.ssh/authorized_keys && mkdir /home/git/test.git && git --bare init /home/git/test.git"
>  ---> Running in e9d79ab3b92c
  • and change:
> Generating public/private rsa key pair.
> Your identification has been saved in /home/git/.ssh/id_rsa.
> Your public key has been saved in /home/git/.ssh/id_rsa.pub.

to:

> Generating public/private ed25519 key pair.
> Your identification has been saved in /home/git/.ssh/id_ed25519.
> Your public key has been saved in /home/git/.ssh/id_ed25519.pub.
  • In step 9 change:
$ docker cp data:/home/git/.ssh/id_rsa .

to:

$ docker cp data:/home/git/.ssh/id_ed25519 .
  • In step 10 change:
$ GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 52311 -i ../id_rsa" git push -u test main

to:

$ GIT_SSH_COMMAND="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 52311 -i ../id_ed25519" git push -u test main
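
An added example, not part of the original issue or GitHub's documentation: once instructions switch from `ssh-rsa` to `ssh-ed25519`, existing `authorized_keys` entries can be audited for key type and size. This sketch parses the public-key blob itself rather than trusting the text prefix; the sample entries are constructed, not real keys, and all function names are hypothetical.

```python
import base64
import struct

def _read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def classify_key(line):
    """Return (key_type, bits) for one authorized_keys line."""
    fields = line.split()
    # Options may precede the key type, so find the first known type token.
    idx = next((i for i, f in enumerate(fields)
                if f in ("ssh-rsa", "ssh-ed25519")), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no ssh-rsa or ssh-ed25519 key on this line")
    declared = fields[idx]
    blob = base64.b64decode(fields[idx + 1], validate=True)
    embedded, pos = _read_string(blob, 0)
    # The text prefix is only a label; the type inside the blob must agree.
    if embedded != declared.encode():
        raise ValueError("declared type does not match key blob")
    if declared == "ssh-ed25519":
        key, _ = _read_string(blob, pos)
        if len(key) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return declared, 256
    _, pos = _read_string(blob, pos)      # RSA public exponent e
    modulus, _ = _read_string(blob, pos)  # RSA modulus n
    return declared, int.from_bytes(modulus, "big").bit_length()

def audit(lines):
    """Return (line_number, key_type, bits) per key line, skipping comments."""
    return [(n, *classify_key(l)) for n, l in enumerate(lines, 1)
            if l.strip() and not l.lstrip().startswith("#")]

def _entry(kind, *parts, comment):
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (kind.encode(), *parts))
    return f"{kind} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample entries, not real keys.
SAMPLE = [
    _entry("ssh-ed25519", bytes(range(32)), comment="nagiosuser@nagios"),
    _entry("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 512, comment="git@example"),
]
```

Calling `audit()` on the lines of a real `authorized_keys` file lists which entries are still `ssh-rsa` and at what modulus size.
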
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Oct 28, 2020
@hubwriter hubwriter added content This issue or pull request belongs to the Docs Content team good first issue Good for newcomers and removed triage Do not begin working on this issue until triaged by the team labels Oct 28, 2020
@keremgocen
Contributor

I'd like to take this if no one else has 👋

faruqluqman added a commit to faruqluqman/docs that referenced this issue Dec 17, 2020
This is a follow-up on github#876 (comment) to address another article affected.
Changes proposed are to align with the article "Generating a new SSH key and adding it to the ssh-agent".
hubwriter added a commit that referenced this issue Jan 14, 2021
* Update working-with-ssh-key-passphrases.md

This is a follow-up on #876 (comment) to address another article affected.
Changes proposed are to align with the article "Generating a new SSH key and adding it to the ssh-agent".

* Update content/github/authenticating-to-github/working-with-ssh-key-passphrases.md

* Update content/github/authenticating-to-github/working-with-ssh-key-passphrases.md

* Update content/github/authenticating-to-github/working-with-ssh-key-passphrases.md

* Update content/github/authenticating-to-github/working-with-ssh-key-passphrases.md

Co-authored-by: hubwriter <[email protected]>
@NicoHood

Just to be 100% sure: Is Ed25519 now fully supported by GitHub? When I wrote some docs about this 3 years ago it was not. I recommended people using RSA4k, but if that changed, I will also recommend Ed25519.

@hubwriter
Contributor Author

@NicoHood - yes, we support SSH keys generated using the Ed25519 algorithm.
If you go to https://github.com/settings/ssh/new you can see the types we allow people to upload.
Thanks for checking. All the best.

jnidzwetzki pushed a commit to jnidzwetzki/docs that referenced this issue Oct 6, 2022