Everyone knows how to generate a new SSH key: ssh-keygen -t ed25519 (you really should be using ed25519 if your environment supports it). What most people don’t realize is that you can make your private key more robust against brute forcing if an unauthorized party gets access to it with a single additional option. That option is the -a <NUMBER> option. This option tells ssh-keygen to use the number specified of Key Derivation Rounds to use when generating the key. E.g.:
