On Mon, Nov 07, 2022 at 01:45:28AM -0500, A Tammy wrote:
> 
> On 11/6/22 09:29, Job Snijders wrote:
> > Dear all,
> >
> > Support for using Ed25519 for server and user authentication was
> > introduced in 2014. I like the compactness of Ed25519 public keys.
> >
> > Perhaps now is a good time to make Ed25519 the default key type when
> > invoking ssh-keygen(1) without arguments?
> 
> I'd love this to happen.
> 
> I think there are a few large platforms, e.g. AWS, which aren't
> supporting these keys (at least I couldn't add mine and had to add the
> rsa one). It might be a good push for them to finally add support :D

Yeah!

AWS is the only reason I have an RSA key now.

> 
> aisha
> 
> > Kind regards,
> >
> > Job
> >
> > Index: ssh-keygen.1
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v
> > retrieving revision 1.226
> > diff -u -p -r1.226 ssh-keygen.1
> > --- ssh-keygen.1    10 Sep 2022 08:50:53 -0000      1.226
> > +++ ssh-keygen.1    6 Nov 2022 13:31:19 -0000
> > @@ -185,7 +185,7 @@ The type of key to be generated is speci
> >  option.
> >  If invoked without any arguments,
> >  .Nm
> > -will generate an RSA key.
> > +will generate an ed25519 key.
> >  .Pp
> >  .Nm
> >  is also used to generate groups for use in Diffie-Hellman group
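
Review bot: the added line writes "ed25519" in lowercase, while the sentence it replaces treated the algorithm name as a proper noun ("an RSA key"); suggest "will generate an Ed25519 key." to match. This sentence is also the only documentation change in the patch, so a short note that the no-argument default used to be RSA would help anyone whose scripts rely on the old behaviour.
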
> > Index: ssh-keygen.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
> > retrieving revision 1.459
> > diff -u -p -r1.459 ssh-keygen.c
> > --- ssh-keygen.c    11 Aug 2022 01:56:51 -0000      1.459
> > +++ ssh-keygen.c    6 Nov 2022 13:31:21 -0000
> > @@ -61,12 +61,6 @@
> >  #include "ssh-pkcs11.h"
> >  #endif
> >  
> > -#ifdef WITH_OPENSSL
> > -# define DEFAULT_KEY_TYPE_NAME "rsa"
> > -#else
> > -# define DEFAULT_KEY_TYPE_NAME "ed25519"
> > -#endif
> > -
> >  /*
> >   * Default number of bits in the RSA, DSA and ECDSA keys.  These value can 
> > be
> >   * overridden on the command line.
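
Review bot: deleting DEFAULT_KEY_TYPE_NAME outright, rather than only the WITH_OPENSSL conditional around it, leaves the default spelled out separately in ask_filename() and in main(). Keeping a single unconditional `#define DEFAULT_KEY_TYPE_NAME "ed25519"` here would make the main() hunk unnecessary and keep one named place to edit the next time the default changes.
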
> > @@ -252,7 +246,7 @@ ask_filename(struct passwd *pw, const ch
> >     char *name = NULL;
> >  
> >     if (key_type_name == NULL)
> > -           name = _PATH_SSH_CLIENT_ID_RSA;
> > +           name = _PATH_SSH_CLIENT_ID_ED25519;
> >     else {
> >             switch (sshkey_type_from_name(key_type_name)) {
> >             case KEY_DSA_CERT:
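
Review bot: the NULL branch in ask_filename() hard-codes _PATH_SSH_CLIENT_ID_ED25519 independently of the type that main() selects, so the two have to be changed together by hand, as this patch does. Consider resolving the default type name before the switch and letting the switch pick the path (assuming it has an Ed25519 case, which is not visible in this hunk), or at least add a comment tying this path to the default chosen in main().
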
> > @@ -3748,7 +3742,7 @@ main(int argc, char **argv)
> >     }
> >  
> >     if (key_type_name == NULL)
> > -           key_type_name = DEFAULT_KEY_TYPE_NAME;
> > +           key_type_name = "ed25519";
> >  
> >     type = sshkey_type_from_name(key_type_name);
> >     type_bits_valid(type, key_type_name, &bits);
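
Review bot: with the default now "ed25519", `bits` is still handed to type_bits_valid() on the context line just below the change, and the comment kept in the first ssh-keygen.c hunk describes default bit counts only for RSA, DSA and ECDSA. It is worth checking, and documenting in ssh-keygen.1, what happens when someone passes -b without -t, since on OpenSSL builds that invocation previously went down the RSA path.
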
> >
> 
