Generating a public/private keypair the right way

From the command line:

# ssh-keygen -t rsa -b 4096 -o -a 100

-a rounds
When saving a new-format private key (i.e. an
ed25519 key or any SSH protocol 2 key when the
-o flag is set), this option specifies the number
of KDF (key derivation function) rounds used.
Higher numbers result in slower passphrase
verification and increased resistance to brute-force
password cracking (should the keys be stolen).

-b bits
Specifies the number of bits in the key to create.
For RSA keys, the minimum size is 1024 bits and the
default is 2048 bits. Generally, 2048 bits is considered
sufficient. DSA keys must be exactly 1024 bits as
specified by FIPS 186-2.
-o Causes ssh-keygen to save private keys
using the new OpenSSH format rather than the
more compatible PEM format. The new format
has increased resistance to brute-force
password cracking but is not supported by
versions of OpenSSH prior to 6.5. Ed25519
keys always use the new private key format.

-t dsa | ecdsa | ed25519 | rsa | rsa1
Specifies the type of key to create. The possible
values are “rsa1” for protocol version 1 and “dsa”,
“ecdsa”, “ed25519”, or “rsa” for protocol version 2.

A customer recently asked me, "Is there a way to look at a configuration file, without all the comments and excess blank lines?"

Yes, there is! You can use the sed utility to display the contents of a file, omitting any blank lines, and omitting any lines that start with the "#" character (which denotes that the line is a comment), like this: 

sed -e '/^ *#/d' -e '/^$/d' /etc/httpd/conf/httpd.conf

In this example, I am using the sed command to display the content of the httpd.conf file. The -e option allows me to apply an edit to the stream of output. The first edit ('/^ *#/d') instructs sed to search the output for any lines starting with "#" and delete them. The second edit instructs sed to look for blank lines and delete them. It helps to understand basic Regular Expressions, which is an entire other discussion. 
Given a list of hostnames (one per line) in a file named hosts-list, ssh into each server in turn, sudo to root, and execute a command with sudo permissions, You will need to type in the password twice, unless you use an utility like Keepass, that allows you to copy/paste your password. This method makes it very quick and convenient to go thru a long list of servers, to perform a simple admin task. 


for name in $(cat hosts-list); do (ssh -t -o StrictHostKeyChecking=no my.username@${name} 'sudo su - -c "uname -a ; yum clean all"' 2> /dev/null) ; done