On 2020/10/08 15:40, Christian Weisgerber wrote:
> At this point, I don't know how many SSH servers are still out there
> that don't handle Ed25519. I still have an ECDSA key somewhere
> that I use to log into a machine that still runs... "OpenSSH_6.0p1
> Debian-4+deb7u7, OpenSSL 1.0.1t 3 May 2016". There is a lot of
> networking equipment that allows uploading of a user key for SSH
> login but may include a comically obsolete version of OpenSSH or
> some alternative implementation that doesn't do Ed25519.

I don't think that's a show-stopper, people using such equipment
likely already need to do non-default things to have OpenSSH connect
to it. My typical config for connecting to switches, including some
current models running latest available firmware, looks like

    KexAlgorithms +diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa

(and I still have a few things running where I need to break out an
alternative client because openssh won't talk to them at all any more..)
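
An added example, not part of the original message: a small Python check that reports which Host scopes of an ssh_config re-enable the two legacy algorithms quoted above, so the exception can be confined to the devices that need it. The host names and the sample config are constructed, and the parser handles only plain keyword/value lines (no Include, no quoting).

```python
import re

# Legacy algorithms named in the message above; nothing else is flagged.
LEGACY = {
    "kexalgorithms": {"diffie-hellman-group14-sha1"},
    "hostkeyalgorithms": {"ssh-rsa"},
}

# Constructed sample config (host names are hypothetical).
SAMPLE = """\
Host sw-core-1 sw-access-*
    KexAlgorithms +diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa

Host *
    HostKeyAlgorithms=+ssh-rsa,ssh-ed25519
"""

def legacy_by_scope(config_text):
    """Map each Host/Match scope to the legacy algorithms it enables."""
    scope = "(global)"  # options before the first Host apply to every host
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value", case-insensitively.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key in ("host", "match"):
            scope = f"{key.capitalize()} {value}"
            continue
        if key in LEGACY and not value.startswith("-"):
            # '+' appends, '^' prepends, no prefix replaces: all enable the names listed.
            names = set(value.lstrip("+^").split(","))
            hits = names & LEGACY[key]
            if hits:
                found.setdefault(scope, set()).update(hits)
    return found

def applies_to_all_hosts(scope):
    """True for the global section, a bare 'Host *' or 'Match all'."""
    return scope in ("(global)", "Host *", "Match all")

if __name__ == "__main__":
    for scope, algs in legacy_by_scope(SAMPLE).items():
        print(scope, sorted(algs), "ALL HOSTS" if applies_to_all_hosts(scope) else "scoped")
```
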