I've been working with Debian 13 and trying to get my SSH keys sorted out. During some troubleshooting, I noticed a message saying "RSA key is not allowed." It turned out my real issue was a permissions problem on the key path, but while researching, I found that RSA has been somewhat phased out in favor of ED25519 for various reasons, such as speed and security. Some servers I manage are still using RSA keys, particularly on Debian 11. I generated a key with ssh-keygen and it displayed as "4096 SHA256..." which seems acceptable. Should I go ahead and update all my keys to ED25519 for better security and compatibility?
1 Answer
Given that it's 2025, I think it's a good idea to use ED25519 as the default for new keys. While RSA still functions well, it's becoming more of a legacy option and ED25519 offers better security and performance. Switching now could save you hassle later!
I appreciate your insight! Thanks for the advice.