[patch] ssh-keygen(1): by default generate ed25519 key (instead of rsa)

Darren Tucker dtucker at dtucker.net
Mon Nov 7 08:40:08 AEDT 2022


On Mon, 7 Nov 2022 at 00:51, Job Snijders <job at openbsd.org> wrote:
[...]
> Perhaps now is a good time to make Ed25519 the default when invoking
> ssh-keygen(1) without arguments?

I don't think so.  Outside of DSA (which is REQUIRED in RFC4253 but is
considered weak these days), RSA keys are the most widely supported
key type and thus most likely to work in any given situation, which
makes them an appropriate default.  If you know this is not the case
for your environment, that's what "-t" is for.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list