lazyweb: I have like 4 SSH keys of varying types. I want to have 1 SSH key. I don't understand the different types of encryption, what should I do for the best security for that new One Key To Rule Them All?
@foone I have multiple types too, depending on the server: they don't all support every encryption type. Currently using ed25519 when I can and rsa when I must.
@foone I can’t remember when I last found a service that didn’t yet support Ed25519
seems the answer is ed25519. I already had one of those made relatively recently, so I'm just promoting it to THE ONE TRUE SSH KEY
@foone wish I could do that, but some shit I run only supports weird ciphers and keys. :P
@gewt I'm gonna keep old ones around for those, but I just wanna default to a nice secure key for the 90% of machines I connect to which are running modern linux/bsd
ed25519 is the only one I have the patience to type in if I don't have any other way of copying it to the remote host.
Anything ECDSA will do really, though some curves are better than others.
Personally I have an RSA key for annoying old machines and a NIST P-384 key for everything else, but ed25519 is pretty popular too and in the same ball park.
Some people don't like the NIST curves because the NSA meddled with Dual_EC_DRBG, but that incident was suspected before it was confirmed by Snowden, and no similar suspicions exist for the NIST curves.
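Before promoting one key and retiring the rest, it helps to know exactly what each existing key is: the text prefix on an `id_*.pub` line can lie, but the base64 blob encodes the real algorithm and key size. The following auditor is an added example, not code from anyone in this thread; it decodes OpenSSH public-key lines per the RFC 4251 wire format and classifies them. The policy it applies (ed25519 preferred, NIST ECDSA and RSA of at least 3072 bits acceptable, DSA and smaller RSA weak) and the `SAMPLE_LINES` keys are assumptions constructed for the example; the sample blobs contain placeholder numbers of the right size, not usable keys, and curve points are not validated. It expects plain `type base64 comment` lines, so `authorized_keys` option prefixes are out of scope.

```python
import base64
import struct

# Added example (not from the thread): a small auditor for OpenSSH public key
# lines ("type base64 comment", the format of id_*.pub). It decodes the wire
# blob to recover the real algorithm and key size, then classifies each key.
# The thresholds in classify() are this example's own policy.


def _ssh_string(data: bytes) -> bytes:
    """Encode an RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """Encode a non-negative RFC 4251 'mpint' (leading 0x00 when the high bit is set)."""
    if n == 0:
        return _ssh_string(b"")
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(blob: bytes, off: int):
    """Decode one 'string' field at offset off; return (bytes, new_offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    if off + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + length], off + length


def parse_pubkey_line(line: str) -> dict:
    """Parse 'algo base64 [comment]' and return type, size, curve and comment."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    algo, b64 = parts[0], parts[1]
    comment = parts[2].strip() if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    if wire_type != algo.encode():  # the blob, not the text prefix, is authoritative
        raise ValueError(f"type prefix {algo!r} does not match blob {wire_type!r}")
    info = {"type": algo, "comment": comment, "bits": None, "curve": None}
    if algo == "ssh-rsa":
        _e, off = _read_string(blob, off)          # public exponent, unused here
        n_bytes, off = _read_string(blob, off)     # modulus determines key size
        info["bits"] = int.from_bytes(n_bytes, "big").bit_length()
    elif algo == "ssh-dss":
        p_bytes, off = _read_string(blob, off)     # p, q, g, y follow; p sets the size
        info["bits"] = int.from_bytes(p_bytes, "big").bit_length()
    elif algo.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)
        info["curve"] = curve.decode()
        info["bits"] = {"nistp256": 256, "nistp384": 384, "nistp521": 521}.get(info["curve"])
    elif algo == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        if len(pk) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        info["bits"] = 256
    return info


def classify(info: dict) -> str:
    """Example policy: ed25519 preferred, NIST ECDSA and RSA>=3072 acceptable, DSA/small RSA weak."""
    t = info["type"]
    if t == "ssh-ed25519":
        return "preferred"
    if t.startswith("ecdsa-sha2-") and info["curve"] in ("nistp256", "nistp384", "nistp521"):
        return "acceptable"
    if t == "ssh-rsa":
        return "acceptable" if info["bits"] >= 3072 else "weak (RSA below 3072 bits)"
    if t == "ssh-dss":
        return "weak (DSA, disabled by default since OpenSSH 7.0)"
    return "unknown"


def audit(lines) -> list:
    """Classify every non-empty, non-comment line; returns one dict per key."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        info = parse_pubkey_line(line)
        info["verdict"] = classify(info)
        results.append(info)
    return results


def _make_line(algo: str, fields: list, comment: str) -> str:
    """Build a constructed sample line from wire fields (test data, not real keys)."""
    blob = _ssh_string(algo.encode()) + b"".join(fields)
    return f"{algo} {base64.b64encode(blob).decode()} {comment}"


# Constructed sample keys: placeholder numbers of the right size, not usable keys.
SAMPLE_LINES = [
    _make_line("ssh-ed25519", [_ssh_string(bytes(range(32)))], "laptop-ed25519"),
    _make_line("ssh-rsa", [_ssh_mpint(65537), _ssh_mpint((1 << 2047) | 1)], "old-rsa-2048"),
    _make_line("ssh-rsa", [_ssh_mpint(65537), _ssh_mpint((1 << 4095) | 1)], "rsa-4096"),
    _make_line("ecdsa-sha2-nistp384",
               [_ssh_string(b"nistp384"), _ssh_string(b"\x04" + bytes(96))], "p384"),
    _make_line("ssh-dss", [_ssh_mpint((1 << 1023) | 1), _ssh_mpint((1 << 159) | 1),
                           _ssh_mpint(2), _ssh_mpint(3)], "ancient-dsa"),
]

if __name__ == "__main__":
    for r in audit(SAMPLE_LINES):
        print(f"{r['comment']:16} {r['type']:22} {str(r['bits']):>5}  {r['verdict']}")
```

To run it over your own keys, replace `SAMPLE_LINES` with the contents of `~/.ssh/*.pub` (one line per file); keys that come back `weak` are the ones to retire once the hosts that need them are gone, and the type/blob mismatch check catches a `.pub` file whose prefix was hand-edited.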
... Except that ed25519 isn't ECDSA, it's EdDSA.
Similar enough that it doesn't really matter for the above advice, but still.