[patch] ssh-keygen(1): by default generate ed25519 key (instead of rsa)
Jochen Bern
Jochen.Bern at binect.de
Wed Nov 9 02:15:18 AEDT 2022
On 07.11.22 05:39, Christoph Anton Mitterer wrote:
> Shouldn't the defaults in general be whatever the most (S)ecure (as in
> SSH) is?
> Regardless of whether that is RSA, Ed25519 or something else in this
> specific case.
My .02: The most secu(R)e (as in "Resilient") default would encourage
users to have at least *two* keypairs of different algos at hand.
[I still remember the day after automated nightly updates had washed a
vendor's panicky "let's disable DSA" into our platforms and I was the
only sysadmin to *also* have an "old-fashioned, unnecessarily huge"
*RSA* pubkey distributed onto the target machines]
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20221108/85f169ce/attachment.p7s>
More information about the openssh-unix-dev
mailing list