lazyweb: I have like 4 SSH keys of varying types. I want to have 1 SSH key. I don't understand the different types of encryption, what should I do for the best security for that new One Key To Rule Them All?
@foone I have multiple types too; depending on the server, they don't support all encryption types. Currently using ed25519 when I can and rsa when I must.
@foone I can’t remember when I last found a service that didn’t yet support Ed25519
seems the answer is ed25519. I already had one of those made relatively recently, so I'm just promoting it to THE ONE TRUE SSH KEY
@foone wish I could do that, but some shit I run only supports weird ciphers and keys. :P
@gewt I'm gonna keep old ones around for those, but I just wanna default to a nice secure key for the 90% of machines I connect to which are running modern linux/bsd
ed25519 is the only one I have the patience to type in if I don't have any other way of copying it to the remote host.
Anything ECDSA will do really, though some curves are better than others.
Personally I have an RSA key for annoying old machines and a NIST P-384 key for everything else, but ed25519 is pretty popular too and in the same ball park.
Some people don't like the NIST curves because the NSA meddled with Dual_EC_DRBG, but that incident was suspected before being confirmed by Snowden, and no similar suspicions exist for the NIST curves.
... Except that ed25519 isn't ECDSA, it's EdDSA.
Similar enough that it doesn't really matter for the above advice, but still.
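The thread is about sorting a pile of keys into ed25519, ECDSA-on-some-curve and RSA-of-some-size. The script below is an added example, not code posted by anyone in the thread: it parses the base64 blob of an OpenSSH public-key line (the RFC 4253 string/mpint wire encoding that ssh-keygen writes) and reports type, size and curve, which is what you need to decide which key to promote and which to keep for legacy hosts. The sample keys are constructed in code from the wire format and are not real keys; the triage thresholds in `verdict` are the editor's assumptions, not something the thread states.

```python
"""Classify OpenSSH public keys by type and size from their wire encoding.

Added example (not from the original thread). Reads the base64 blob of a
~/.ssh/*.pub or authorized_keys line and decodes it with the RFC 4253
string/mpint rules. Sample keys below are constructed, not real keys.
"""
import base64
import struct


def _pack_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _pack_mpint(n: int) -> bytes:
    # RFC 4251 mpint: big-endian two's complement, so a leading 0x00 byte
    # is needed when the top bit of the first byte would otherwise be set.
    return _pack_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(buf: bytes, off: int):
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n


def _read_mpint(buf: bytes, off: int):
    raw, off = _read_string(buf, off)
    return int.from_bytes(raw, "big"), off


def parse_pubkey(line: str) -> dict:
    """Return {'type', 'bits', 'curve'} for one OpenSSH public-key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1])
    kind, off = _read_string(blob, 0)
    kind = kind.decode()
    if kind != fields[0]:  # the type is stored twice; they must agree
        raise ValueError(f"type field {fields[0]!r} != blob type {kind!r}")
    if kind == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        if len(pk) != 32:
            raise ValueError("ed25519 public key must be 32 bytes")
        return {"type": "ed25519", "bits": 256, "curve": "Curve25519"}
    if kind == "ssh-rsa":
        _e, off = _read_mpint(blob, off)       # public exponent
        n, off = _read_mpint(blob, off)        # modulus: its size is "the key size"
        return {"type": "rsa", "bits": n.bit_length(), "curve": None}
    if kind.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)
        curve = curve.decode()
        _point, off = _read_string(blob, off)  # uncompressed EC point
        if kind != "ecdsa-sha2-" + curve:
            raise ValueError("curve name does not match key type")
        return {"type": "ecdsa", "bits": int(curve[len("nistp"):]), "curve": curve}
    if kind == "ssh-dss":
        p, off = _read_mpint(blob, off)
        return {"type": "dsa", "bits": p.bit_length(), "curve": None}
    raise ValueError(f"unknown key type {kind}")


def verdict(info: dict) -> str:
    """Editor's triage thresholds (assumption), roughly matching the thread."""
    if info["type"] == "ed25519":
        return "keep: ed25519"
    if info["type"] == "ecdsa":
        return f"ok: ECDSA on {info['curve']}"
    if info["type"] == "rsa":
        if info["bits"] >= 2048:
            return "ok: rsa, keep for legacy hosts"
        return "weak: rsa modulus < 2048 bits, rotate"
    return "obsolete: ssh-dss is disabled by default in modern OpenSSH"


def make_pubkey(kind: str, *parts: bytes) -> str:
    """Build a constructed (non-real) public-key line from wire-format parts."""
    blob = _pack_string(kind.encode()) + b"".join(parts)
    return f"{kind} {base64.b64encode(blob).decode()} constructed@example"


# Constructed sample keys: valid encodings, but the key material is filler.
SAMPLE_KEYS = [
    make_pubkey("ssh-ed25519", _pack_string(b"\x01" * 32)),
    make_pubkey("ssh-rsa", _pack_mpint(65537), _pack_mpint((1 << 2047) | 1)),
    make_pubkey("ssh-rsa", _pack_mpint(65537), _pack_mpint((1 << 1023) | 1)),
    make_pubkey("ecdsa-sha2-nistp384", _pack_string(b"nistp384"),
                _pack_string(b"\x04" + b"\x02" * 96)),
]


def inventory(lines):
    """(type, bits, verdict) for each key line, e.g. from authorized_keys."""
    out = []
    for line in lines:
        info = parse_pubkey(line)
        out.append((info["type"], info["bits"], verdict(info)))
    return out


if __name__ == "__main__":
    for kind, bits, v in inventory(SAMPLE_KEYS):
        print(f"{kind:8} {bits:5}  {v}")
```

To run it over your own keys, feed `inventory` the lines of `~/.ssh/*.pub` or a server's `authorized_keys`; the ed25519 entry is the 32-byte one (the reason it fits on one typed line), while an RSA entry's size is the bit length of the modulus, not of the whole base64 blob.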