Most users would simply type ssh-keygen and accept what they're given by default. But what are the best practices for generating ssh keys with ssh-keygen? For example: Use -o for the OpenSSH key format rather than the older PEM format (OpenSSH 6.5 introduced this feature years ago on 2014-01-30) How should one calculate how many rounds of KDF to use with -a? Should -T be used to test the candidate
![What are ssh-keygen best practices?](https://cdn-ak-scissors.b.st-hatena.com/image/square/607c9a5b547035c04a5f003638d1e6c0a781741f/height=288;version=1;width=512/https%3A%2F%2Fcdn.sstatic.net%2FSites%2Fsecurity%2FImg%2Fapple-touch-icon%402.png%3Fv%3D497726d850f9)