ssh-keygen -t ed25519-sk<\/code><\/pre>\n\n\n\nYou obtain this type of output:<\/p>\n\n\n\n
Generating public\/private ed25519-sk key pair.\nYou may need to touch your authenticator to authorize key generation.\nEnter passphrase (empty for no passphrase): \nEnter same passphrase again: \nYour identification has been saved in \/home\/sycured\/.ssh\/demo_ed25519-sk\nYour public key has been saved in \/home\/sycured\/.ssh\/demo_ed25519-sk.pub\nThe key fingerprint is:\nSHA256:c3J9KE2GsDr4gXE0OYfkNqC\/ApDE5r7gP5sK2SiHUZY sycured@x9\nThe key's randomart image is:\n+[ED25519-SK 256]-+\n|.. ..+o. |\n|.+ o ++..o . |\n|= E . =o. . o |\n|.+ . * o = . |\n|+ + + S + + . |\n|.O o o = . . |\n|O = . . |\n|o+ o. |\n| .o+o |\n+----[SHA256]-----+<\/code><\/pre>\n\n\n\nThe most important part is You may need to touch your authenticator to authorize key generation.<\/strong><\/p>\n\n\n\nEach time that you want to use this key, you’ll need your physical security key (Yubikey & co) otherwise it’ll be impossible.<\/p>\n\n\n\n
For critical accounts\/repositories, it must be enforced with 1 to 3 spares stored in different safe places.
Yes, you’ll need to generate an ed25519-sk with each but it’s nothing compared to losing your access.<\/p>\n\n\n\n
Git hosting<\/h3>\n\n\n\n\u26d4 Bitbucket<\/h2>\n\n\n\n
![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/bitbucket-sk.jpeg\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/gitea-sk.jpeg\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/gitee-sk-1-1024x290.jpeg\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/gitee-sk-2.jpeg\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/github-sk.jpeg\")
<\/figure>\n\n\n\n![\"\"](\"http:\/\/sycured.127.0.0.1.sslip.io\/wp-content\/uploads\/2024\/01\/gitlab-sk-1024x366.jpeg\")
<\/figure>\n\n\n\n