On Mon, Nov 07, 2022 at 01:45:28AM -0500, A Tammy wrote:
>
> On 11/6/22 09:29, Job Snijders wrote:
> > Dear all,
> >
> > Support for using Ed25519 for server and user authentication was
> > introduced in 2014. I like the compactness of Ed25519 public keys.
> >
> > Perhaps now is a good time to make Ed25519 the default key type when
> > invoking ssh-keygen(1) without arguments?
>
> I'd love this to happen.
>
> I think there are a few large platforms, e.g. AWS, which aren't
> supporting these keys (at least I couldn't add mine and had to add the
> rsa one). It might be a good push for them to finally add support :D

yeah! AWS is the only reason I have a rsa key now. > > aisha > > > Kind regards, > > > > Job > > > > Index: ssh-keygen.1 > > =================================================================== > > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v > > retrieving revision 1.226 > > diff -u -p -r1.226 ssh-keygen.1 > > --- ssh-keygen.1 10 Sep 2022 08:50:53 -0000 1.226 > > +++ ssh-keygen.1 6 Nov 2022 13:31:19 -0000 > > @@ -185,7 +185,7 @@ The type of key to be generated is speci > > option. > > If invoked without any arguments, > > .Nm > > -will generate an RSA key. > > +will generate an ed25519 key. > > .Pp > > .Nm > > is also used to generate groups for use in Diffie-Hellman group > > Index: ssh-keygen.c > > =================================================================== > > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v > > retrieving revision 1.459 > > diff -u -p -r1.459 ssh-keygen.c > > --- ssh-keygen.c 11 Aug 2022 01:56:51 -0000 1.459 > > +++ ssh-keygen.c 6 Nov 2022 13:31:21 -0000 > > @@ -61,12 +61,6 @@ > > #include "ssh-pkcs11.h" > > #endif > > > > -#ifdef WITH_OPENSSL > > -# define DEFAULT_KEY_TYPE_NAME "rsa" > > -#else > > -# define DEFAULT_KEY_TYPE_NAME "ed25519" > > -#endif > > - > > /* > > * Default number of bits in the RSA, DSA and ECDSA keys. These value can > > be > > * overridden on the command line. > > @@ -252,7 +246,7 @@ ask_filename(struct passwd *pw, const ch > > char *name = NULL; > > > > if (key_type_name == NULL) > > - name = _PATH_SSH_CLIENT_ID_RSA; > > + name = _PATH_SSH_CLIENT_ID_ED25519; > > else { > > switch (sshkey_type_from_name(key_type_name)) { > > case KEY_DSA_CERT: > > @@ -3748,7 +3742,7 @@ main(int argc, char **argv) > > } > > > > if (key_type_name == NULL) > > - key_type_name = DEFAULT_KEY_TYPE_NAME; > > + key_type_name = "ed25519"; > > > > type = sshkey_type_from_name(key_type_name); > > type_bits_valid(type, key_type_name, &bits); > > >
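Review bot: In the ssh-keygen.1 hunk at @@ -185,7, the new sentence writes the algorithm name in lower case ("will generate an ed25519 key.") where the line it replaces used the upper-case name "RSA" and the proposal text in this thread writes "Ed25519". Suggest "will generate an Ed25519 key." so the prose names the algorithm and the lower-case spelling stays reserved for the key type value given on the command line.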
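Review bot: In the ssh-keygen.c hunk at @@ -61,12, removing DEFAULT_KEY_TYPE_NAME altogether leaves the default spelled as a bare string literal in main(). Dropping the WITH_OPENSSL conditional is reasonable once both branches would give the same value, but a single unconditional #define DEFAULT_KEY_TYPE_NAME "ed25519" would keep the default named in one place and make any later change a one-line edit.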
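Review bot: In ask_filename() at @@ -252,7, the key_type_name == NULL branch now hard-codes _PATH_SSH_CLIENT_ID_ED25519 separately from the default type assigned in main(), so the two have to be kept in agreement by hand. It also changes which file a bare invocation offers to write, while the ssh-keygen.1 hunk in this patch updates only the sentence about the key type; worth checking whether the manual names the default file anywhere and, if it does, updating that in the same commit.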
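Review bot: In main() at @@ -3748,7, the defaulted name is passed straight to type_bits_valid(type, key_type_name, &bits), yet the comment kept as context in the @@ -61,12 hunk describes the default bit counts as applying to "the RSA, DSA and ECDSA keys". An invocation that overrides the bit count but gives no key type used to produce an RSA key of that size in a WITH_OPENSSL build and will now produce an Ed25519 key. Suggest stating in ssh-keygen.1 how a bit count without an explicit type is treated after this change, or emitting a warning in that case.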