Hello, I'm working on switching all my keys to ed25519. I've run this command:
ssh-keygen -t ed25519 -C "user on server"
Now it generates a private key and a public key. I copy the public key into the authorized_keys on the HOST (server) and then I was doing these permissions (on the server of course):
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
My login seems fine: I can log in without a password and it doesn't allow me to log in with a password. On my client I have id_ed25519 and id_ed25519.pub.
One major question I have is why can I edit and change id_ed25519 (the private key) and change some letters in it without having login issues? It isn't until I've edited several letters that I get an error.
My other question is how would I generate a new key for a different server? I want separate keys for separate servers, as some computers have access to these servers and others do not. As a security measure, if a private / pub key got stolen, I'd like to know that machine is compromised but the keys that weren't on that machine were not compromised.
Thanks.
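
The per-server key setup asked about above, as an added example that is not part of the original post: one ed25519 key pair per server, each bound to its host in the client's ssh_config. The function name `new_host_key`, the host aliases, the hostnames and the `id_ed25519_<alias>` file naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one ed25519 key pair per server, selected through ssh_config.
# Aliases, hostnames and file names are placeholders, not values from the post.

# new_host_key DIR ALIAS HOSTNAME USER [PASSPHRASE]
# Creates DIR/id_ed25519_ALIAS(.pub) and appends a matching Host stanza to DIR/config.
new_host_key() {
    dir=$1 name=$2 hostname=$3 user=$4 pass=${5-}
    key="$dir/id_ed25519_$name"

    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Never overwrite an existing key: the old public key may still be deployed.
    if [ -e "$key" ]; then
        echo "key already exists: $key" >&2
        return 1
    fi

    # -f names the output file, so each server gets its own pair.
    # An empty passphrase leaves the private key unencrypted on disk.
    ssh-keygen -q -t ed25519 -N "$pass" -C "$user on $name" -f "$key" || return 1

    # IdentitiesOnly makes ssh offer only this key to this host,
    # instead of every key in the agent or the default id_* files.
    cat >> "$dir/config" <<EOF
Host $name
    HostName $hostname
    User $user
    IdentityFile $key
    IdentitiesOnly yes

EOF
    chmod 600 "$dir/config"

    # Print the fingerprint so it can be recorded against the server it is for.
    ssh-keygen -l -f "$key.pub"
}

# Typical use against the real client directory:
#   new_host_key "$HOME/.ssh" web1 web1.example.com user 'a passphrase'
#   new_host_key "$HOME/.ssh" db1  db1.example.com  user 'another passphrase'
# Then append each .pub line to authorized_keys on its own server only,
# and connect with: ssh web1
```

Revoking one machine's access then means deleting only that key's line from the `authorized_keys` file of the servers it was deployed to.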