Initial Setup of ED25519 SSH Keys

This document provides instructions for generating and configuring ED25519 SSH keys on Ubuntu Linux, macOS, and Windows. ED25519 keys are more secure and performant compared to RSA and are the preferred choice for modern SSH authentication.


Why ED25519?

  • Smaller key size with comparable (or better) security than RSA
  • Faster key generation and authentication
  • Built-in resistance to some side-channel attacks

1. Ubuntu Linux

Step 1: Generate the SSH Key

Open a terminal and run:

ssh-keygen -t ed25519 -C "your.email@example.com"

  • When prompted to enter a file location, press Enter to accept the default (~/.ssh/id_ed25519).
  • Choose a passphrase or leave it empty for no passphrase (not recommended for production use).

Step 2: Verify Key Creation

ls ~/.ssh/id_ed25519*

You should see:

  • id_ed25519 — your private key
  • id_ed25519.pub — your public key

Step 3: Add SSH Key to Agent

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

2. macOS

Step 1: Generate the SSH Key

Open Terminal and run:

ssh-keygen -t ed25519 -C "your.email@example.com"

Use the default location (/Users/youruser/.ssh/id_ed25519) unless you have a specific reason to change it.

Step 2: Start the SSH Agent and Add the Key

macOS typically uses launchctl to manage the agent.

eval "$(ssh-agent -s)"
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

The --apple-use-keychain option stores the key's passphrase in the macOS keychain.

Step 3: (Optional) Auto-load SSH Key on Login

Create or edit ~/.ssh/config:

Host *
  AddKeysToAgent yes
  UseKeychain yes
  IdentityFile ~/.ssh/id_ed25519

3. Windows (with Git Bash or WSL)

Option A: Using Git Bash

  1. Open Git Bash.
  2. Run:

    ssh-keygen -t ed25519 -C "your.email@example.com"

    Press Enter to use the default location (C:\Users\YourUser\.ssh\id_ed25519).

  3. Add the key to the agent:

    eval "$(ssh-agent -s)"
    ssh-add ~/.ssh/id_ed25519

Note: You may need to install OpenSSH if it is not available.


Option B: Using Windows Subsystem for Linux (WSL)

Inside your WSL terminal (e.g., Ubuntu):

ssh-keygen -t ed25519 -C "your.email@example.com"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

You can now use SSH from within WSL just like on Ubuntu.


Copying Your Public Key

To copy the public key to a remote server or Git provider:

cat ~/.ssh/id_ed25519.pub

Then copy and paste the contents into your desired system (e.g., GitHub, GitLab, remote server’s ~/.ssh/authorized_keys).


Troubleshooting

  • Permission errors: Ensure the .ssh directory and key files have the correct permissions:

    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/id_ed25519
    chmod 644 ~/.ssh/id_ed25519.pub
    
  • SSH agent not running: Use eval "$(ssh-agent -s)" before ssh-add.

  • Windows + Pageant conflicts: On Windows with PuTTY/Pageant, ensure ssh-agent is used instead or keys are converted with PuTTYgen.
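
The permission checks from the first troubleshooting item can be scripted. This is an added example, not part of the original guide: the function names (mode_of, owner_only, not_shared_writable, audit_ssh_dir) are hypothetical, and it assumes the default key file names used in this document.

```shell
# Added example (not from the original guide); function names are hypothetical.
# Audits the permissions listed above for DIR/id_ed25519 and its .pub file.

# Print the nine permission characters of a path, e.g. "rwx------".
mode_of() { ls -ld "$1" 2>/dev/null | cut -c2-10; }

# True if group and others have no access at all (700 or 600).
owner_only() {
    case "$(mode_of "$1")" in ???------) return 0 ;; *) return 1 ;; esac
}

# True if neither group nor others can write (644 or stricter).
not_shared_writable() {
    case "$(mode_of "$1")" in ????-??-?) return 0 ;; *) return 1 ;; esac
}

# Audit DIR (default ~/.ssh): print one line per finding, return the count.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    key=$dir/id_ed25519
    problems=0
    if ! owner_only "$dir"; then
        echo "FIX: chmod 700 $dir"; problems=$((problems + 1))
    fi
    if [ ! -f "$key" ]; then
        echo "MISSING: $key"; problems=$((problems + 1))
    elif ! owner_only "$key"; then
        echo "FIX: chmod 600 $key"; problems=$((problems + 1))
    fi
    if [ ! -f "$key.pub" ]; then
        echo "MISSING: $key.pub"; problems=$((problems + 1))
    else
        not_shared_writable "$key.pub" || {
            echo "FIX: chmod 644 $key.pub"; problems=$((problems + 1)); }
        # The first field of a public key line is its type.
        read -r ktype _rest < "$key.pub" || true
        [ "$ktype" = "ssh-ed25519" ] || {
            echo "WRONG TYPE: $key.pub is '$ktype'"; problems=$((problems + 1)); }
    fi
    return "$problems"
}
```

Source the file and run audit_ssh_dir with no argument to check ~/.ssh; a return status of 0 means nothing needs fixing.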


Summary

OS        Command Example
Ubuntu    ssh-keygen -t ed25519
macOS     ssh-keygen -t ed25519 + keychain use
Windows   ssh-keygen -t ed25519 via Git Bash or WSL

For further integration (e.g., GitHub, server provisioning), contact DevOps or consult the relevant infrastructure onboarding guide.