For a long time,
I wanted to switch all my SSH keys from
A lot of online tutorials default to
which generates long and potentially less secure keys.
I was once a victim of such crap.
Fortunately, there is an alternative:
ed25519 generates much shorter public keys,
and the encryption speed is apparently faster than
Why do those tutorials keep recommending
However, I had to keep using my old SSH keys, since some of my old servers still use the old key. This is easy to solve in Linux: just use the old and new keys in parallel.
Unfortunately, I also have a MacBook. Since macOS is a Unix system, the procedures for generating and using multiple keys should be common.
So I tried to use the standard procedures from Linux.
Generating SSH keys
ed25519 is definitely worth it.
ssh-keygen -t ed25519 -f ~/.ssh/new_key
In Linux, the new key should work automatically. I assumed that macOS’s SSH would also work that way. So I was perplexed when my servers did not recognize the new keys.
After searching for a few days, I found out the issue: macOS’s SSH uses keyrings. You need to manually add generated SSH keys to the keyring.
Add new key to macOS keychain
Note that some macOS systems might have a different version of
It is required to use the version bundled with macOS.
/usr/bin/ssh-add -K ~/.ssh/new_key
Now you have your new
ed25519 SSH keys.
In my experience, this results in faster initial connection latency.
And a shorter pubkey is just better.
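
One way to keep the old and new keys in parallel per host, and to have macOS load passphrases from the keychain, is a client config like the one below. This is an added example, not part of the original post: the legacy-*.example.com host pattern and ~/.ssh/old_key are assumed names, while ~/.ssh/new_key is the key generated above.

```sshconfig
# ~/.ssh/config

# Let OpenSSH builds without Apple's patches (e.g. on Linux) skip the
# macOS-only UseKeychain option instead of failing on it.
IgnoreUnknown UseKeychain

# Old servers that only have the old public key installed (assumed names).
Host legacy-*.example.com
    IdentityFile ~/.ssh/old_key

# Every other host gets the new ed25519 key.
Host * !legacy-*.example.com
    IdentityFile ~/.ssh/new_key

# Settings shared by all hosts.
Host *
    # Offer only the IdentityFile configured above, not every key in the agent.
    IdentitiesOnly yes
    # Load the key into ssh-agent the first time it is used.
    AddKeysToAgent yes
    # macOS: read the key's passphrase from the user's keychain.
    UseKeychain yes
```

Running `ssh -G <host>` prints the options ssh resolved for that host, which shows which identity file it will offer before you connect.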