Here are some reminders for securely generating SSH keys.

How to generate a modern ED25519 SSH key

To generate a good default SSH key in the default path ~/.ssh/id_ed25519:


ssh-keygen -t ed25519 -a 100

To generate a good SSH key with a specified output file path (-f) and a descriptive comment (-C):


ssh-keygen -t ed25519 -a 100 -f "$HOME/.ssh/id_ed25519-${USER}-${HOSTNAME%%.*}" -C "${USER}@${HOSTNAME}"

How to generate a legacy RSA SSH key

To generate a reasonably secure legacy RSA SSH key in the default path ~/.ssh/id_rsa:


ssh-keygen -t rsa -b 4096 -a 100

Notes

  • You can mix and match any of the aforementioned flags as needed.
  • For pre-2014 OpenSSH versions prior to v6.5, you will need to add the -o flag in order to generate the standard OpenSSH key format; otherwise it will use the older .PEM format.
  • If for some reason you need to generate the older .PEM format using the post-2014 OpenSSH 6.5 and later, just add the -m PEM flag.
