Following the recent post about upgrading SSH keys to ED25519, I am wondering what the best practices (regarding security) for using SSH keys are.
For example:
- Is it better to use a different passphrase on each key, or does using the same one not matter much?
- How much less secure is it to not use a passphrase on a key?
- Should you use a different key per user account, per server, or per use-case (e.g. personal or work)?
- Does increasing the number of bits in a key really have an effect on the security of the key, or does it not make much difference in real-world use?
- How/Where should private keys be stored on a device using them?
- What are some of the pros and cons from a security standpoint, and how may doing different things affect the usability of a key?
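As an added example (not part of the original question), the following POSIX shell snippet shows the mechanics behind three of the points raised: one passphrase-protected ED25519 key per use-case, an `ssh_config` stanza that pins exactly one key to a host with `IdentitiesOnly` so the agent does not offer every loaded key, and a check that the private key and `~/.ssh` have owner-only permissions. The host names, user names, key paths and the `SSH_DIR` variable are placeholders chosen for the illustration; `gen_key` is only invoked when `ssh-keygen` is installed.

```shell
#!/bin/sh
# Added example: per-use-case ED25519 keys, a per-host ssh_config stanza that
# pins one key with IdentitiesOnly, and a permission check for private keys.
# SSH_DIR, host names and key paths below are made-up placeholders.
set -eu

SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# Generate one passphrase-protected ED25519 key for a use-case (e.g. work).
# -a 100: KDF rounds used to derive the key-encryption key from the passphrase
#         (slows offline guessing of a stolen key file).
# -C:     a comment that identifies which user/machine/use-case the key is for.
# ssh-keygen prompts for the passphrase interactively; giving none (-N '')
# leaves the private key usable by anything that can read the file.
gen_key() {
  # $1 = use-case name, e.g. work or personal
  mkdir -p "$SSH_DIR"
  chmod 700 "$SSH_DIR"
  ssh-keygen -t ed25519 -a 100 -C "$(id -un)@$(hostname)-$1" \
    -f "$SSH_DIR/id_ed25519_$1"
}

# Emit an ssh_config stanza that offers exactly one key to one host.
# IdentitiesOnly stops ssh from also trying every key loaded in the agent:
# each offered public key is disclosed to the server, and failed offers
# count against the server's MaxAuthTries.
host_stanza() {
  # $1 = Host alias, $2 = HostName, $3 = remote user, $4 = private key path
  printf 'Host %s\n    HostName %s\n    User %s\n    IdentityFile %s\n    IdentitiesOnly yes\n' \
    "$1" "$2" "$3" "$4"
}

# Print the octal permission bits of a path (GNU stat first, BSD stat fallback).
mode_of() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when a private key is owner-only (0600 or 0400) and its
# directory is 0700; ssh itself refuses to use group/world-readable keys.
key_perms_ok() {
  d=$(dirname "$1")
  case "$(mode_of "$1")" in
    600|400) ;;
    *) return 1 ;;
  esac
  [ "$(mode_of "$d")" = "700" ]
}

# Stand-alone demo in a throwaway directory (no real keys are touched).
demo_dir=$(mktemp -d)
SSH_DIR="$demo_dir/.ssh"
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

if command -v ssh-keygen >/dev/null 2>&1; then
  # Empty passphrase here only so the demo runs non-interactively.
  ssh-keygen -q -t ed25519 -a 100 -N '' -C "demo-work" -f "$SSH_DIR/id_ed25519_work"
else
  : > "$SSH_DIR/id_ed25519_work"   # placeholder file when ssh-keygen is absent
  chmod 600 "$SSH_DIR/id_ed25519_work"
fi

host_stanza work-git git.example.com git "$SSH_DIR/id_ed25519_work" > "$SSH_DIR/config"
chmod 600 "$SSH_DIR/config"

if key_perms_ok "$SSH_DIR/id_ed25519_work"; then
  echo "key permissions OK"
else
  echo "key permissions too open" >&2
fi
```

Real use would call `gen_key work` and `gen_key personal`, append the `host_stanza` output for each host to `~/.ssh/config`, and load keys into the agent on demand; `key_perms_ok` is the check to run after copying a key between machines, since a group- or world-readable private key is both rejected by ssh and exposed to every local user.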