#1 2015-09-02 14:57:12

Cobra
Member
Registered: 2004-07-30
Posts: 109

[SOLVED] SSH id_dsa deprecated - alternatives?

Since sshd 7.0p1, some keys are no longer accepted, id_dsa is deprecated.

Since I rely on these types of keys a lot with different servers, I have two options. I could follow the wiki and re-enable the acceptance of those keys:

PubkeyAcceptedKeyTypes +ssh-dss

... or I could just replace all such keys with new up-to-date state of the art secure keys. Question is, what kind of encryption is recommended?


*edited, more to the point question

Last edited by Cobra (2015-09-02 15:32:54)

Offline

#2 2015-09-02 15:06:16

Raynman
Member
Registered: 2011-10-22
Posts: 1,539

Re: [SOLVED] SSH id_dsa deprecated - alternatives?

You already set up the old keys at some point, right? But if you forgot, the wiki's got you covered: https://wiki.archlinux.org/index.php/SS … H_key_pair

It also says something about choosing the encryption and I'm sure there are plenty of second/third/... opinions out there on the web.

Last edited by Raynman (2015-09-02 15:08:18)

Offline

#3 2015-09-02 15:11:52

Cobra
Member
Registered: 2004-07-30
Posts: 109

Re: [SOLVED] SSH id_dsa deprecated - alternatives?

Yeah sorry my concern was only about which type of encryption to use. I modified my question to better reflect that. Which encryption type is considered the best to use anno 2015?

Looks like ed25519 is the only viable long-term option?

ssh-keygen -t ed25519

Reasoning? DSA is deprecated, RSA is an older protocol, ECDSA is suspicious because of the NIST curves so doesn't seem advisable to use. Any opinions or nuances? Thanks.

Offline

#4 2015-09-02 15:32:23

Cobra
Member
Registered: 2004-07-30
Posts: 109

Re: [SOLVED] SSH id_dsa deprecated - alternatives?

Marked this as solved -> I generated an ed25519 key and will update all my remaining deprecated keys accordingly. Perhaps if someone has another suggestion, I'll read it here.

Offline
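
An added example, not part of the thread: one way to find which entries in `authorized_keys` or `*.pub` files are still `ssh-dss` before replacing them with ed25519 keys. It reads the algorithm name stored inside each base64 key blob instead of trusting the text label; the function names and the sample lines are constructed for illustration.

```python
import base64
import struct

# Key types to flag. ssh-dss is the type the thread says sshd 7.0p1 stopped accepting.
DEPRECATED = {"ssh-dss"}

def blob_type(b64):
    """Return the algorithm name stored inside a base64 public key blob, or None."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])      # uint32 length prefix
        name = raw[4:4 + n]
        return name.decode("ascii") if len(name) == n else None
    except (ValueError, struct.error):           # bad base64, short blob, non-ASCII
        return None

def audit(lines):
    """Yield (line_no, key_type, comment, deprecated); key_type is None if no key parses."""
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        for i in range(len(tok) - 1):
            # authorized_keys options may precede the type, so scan for a label/blob pair that agrees.
            if blob_type(tok[i + 1]) == tok[i]:
                yield no, tok[i], " ".join(tok[i + 2:]), tok[i] in DEPRECATED
                break
        else:
            yield no, None, line, False

def _fake_entry(key_type, comment, options=""):
    """Constructed sample line: correct blob header, dummy key material (not a real key)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + b"\x00" * 16
    return f"{options} {key_type} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = [
    "# constructed authorized_keys content",
    _fake_entry("ssh-dss", "cobra@old-laptop"),
    _fake_entry("ssh-ed25519", "cobra@new-laptop"),
    _fake_entry("ssh-dss", "backup job", options='command="rsync --server",no-pty'),
    "ssh-rsa not-base64!! broken",
]

if __name__ == "__main__":
    for no, ktype, comment, old in audit(SAMPLE):
        status = "UNPARSED" if ktype is None else ("REPLACE" if old else "ok")
        print(f"line {no}: {ktype} {status} ({comment})")
```

To check a real file, pass it as the iterable, for example `audit(open(path))`.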
