Question about ssh key generation
Shawn O'Shea
shawn at eth0.net
Tue Feb 16 16:09:00 EST 2021
My understanding (your mileage may vary).
* dsa used to be a goto, but is now considered bad/insecure
* rsa is still the default in many ssh configs, but is starting to also be
considered not secure
* ed25519 is considered pretty secure, but the impression I've been given
is that it is new-ish enough that not all distro's sshes may have it
available
* ecdsa is supposed to be pretty ubiquitous now and is a good comprise
between better secure keys and wide-availability in installed openssh
systems.
This is just my impression from seeing various blog posts, tweets and
podcast discussions, so others may have better answers/guidance.
-Shawn
On Tue, Feb 16, 2021 at 4:04 PM Bruce Labitt <bruce.labitt at myfairpoint.net>
wrote:
> Gitlab is asking for ssh keys now. Is there a recommended type of key
> these days?
>
> man ssh-key gives me the following choices: dsa | ecdsa | ecdsa-sk |
> ed25519 | ed25519-sk | rsa
>
> Which should I choose? Which ones offer the longer/longest key length
> (best security?)
>
> Sorry for the simplistic question, not done this before. Any insight
> would be helpful.
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20210216/b1f5076e/attachment.html
More information about the gnhlug-discuss
mailing list