Improve the security of your SSH private key files with PKCS#8
Instead of the easily brute-forceable one-pass MD5/AES128 password protection format that SSH uses by default, you should store your private key files in the PKCS#8 format. PKCS#8 lets you choose proper key-derivation functions and encryption schemes (for example PBKDF2 and PBES2).
The following commands convert an existing password-protected SSH private key file to PKCS#8 format (using PBKDF2, PBES2 and AES-256):
mv ~/.ssh/id_rsa{,.old}
openssl pkcs8 -topk8 -v2 aes256 -in ~/.ssh/id_rsa.old -out ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
rm ~/.ssh/id_rsa.old
(via Martin Kleppmann)
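To find which key files still use the old password protection format, the PEM framing is enough to tell the formats apart. The script below is an added example, not part of the original post: the function names (key_format, audit_keys, make_samples) are hypothetical, and the sample files are constructed headers that contain no real key material.

```shell
#!/bin/sh
# Added example: classify private key files by their PEM framing.

# Print the storage format of one private key file.
key_format() {
    first=$(head -n 1 "$1" 2>/dev/null) || first=""
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo "pkcs8-encrypted" ;;
        "-----BEGIN PRIVATE KEY-----")           echo "pkcs8-unencrypted" ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo "openssh" ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Traditional PEM marks password protection with a Proc-Type header.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo "legacy-encrypted"
            else
                echo "legacy-unencrypted"
            fi ;;
        *) echo "unknown" ;;
    esac
}

# List each file with its format; return non-zero if any is legacy-encrypted.
audit_keys() {
    weak=0
    for f in "$@"; do
        fmt=$(key_format "$f")
        echo "$f: $fmt"
        if [ "$fmt" = "legacy-encrypted" ]; then weak=$((weak + 1)); fi
    done
    [ "$weak" -eq 0 ]
}

# Constructed sample files (headers only) written into directory $1.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000' '' 'AAAA' \
        '-----END RSA PRIVATE KEY-----' > "$1/id_rsa.old"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/id_rsa"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_keys "$demo_dir"/id_rsa* || echo "legacy-encrypted keys found: convert them to PKCS#8"
rm -rf "$demo_dir"
```

Against real keys, call audit_keys with the private key paths, for example audit_keys ~/.ssh/id_rsa, and use its exit status in a script.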