Skip to main content
Entirius
AI platform for e-commerce
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

ADR-018: ED25519 SSH Keys Standard

Status

Status: Accepted Date: 2025-09-16 Authors: Development Team

Decision

Use ED25519 SSH keys for all authentication instead of RSA keys.

Use: ED25519 SSH keys Instead of: RSA SSH keys Reason: Better security, performance, and smaller key size with equivalent or superior cryptographic strength.

Quick Reference

Generate ED25519 SSH key:

ssh-keygen -t ed25519 -C "[email protected]"

For systems requiring legacy compatibility:

ssh-keygen -t rsa -b 4096 -C "[email protected]"

Context

SSH key authentication is used throughout the Entirius infrastructure for secure access to servers, Git repositories, and automated deployments. The choice of key algorithm affects security, performance, and compatibility.

Rationale

  • Primary benefit: ED25519 provides equivalent security to RSA-4096 with 256-bit keys vs 4096-bit keys
  • Trade-offs: Some very old systems may not support ED25519 (pre-2014 OpenSSH versions)
  • Impact: Faster key generation, smaller keys, better performance, and future-proof cryptography
  • ADR-017: SSH access for KVM-based services