
Re: ssh-keygen and rsa Keys



On 09/27/2016 12:19 AM, Martin McCormick wrote:
>...
> 	The short story is that the Mac now uses openssh-7
> instead of openssh-6. DSA encryption keys have been declared
> obsolete for some time now and openssh-7 defaults to ignoring
> any id_dsa.pub keys you might have been using.
>...

That brings up two things to my mind.

First is with client authentication that one should start planning ahead
for elliptic curve cryptography:

https://www.gnupg.org/faq/gnupg-faq.html#please_use_ecc

Ed25519 seems to be the way forward there, for now.

Second, the server identification keys ought to be addressed too, so
that DSA is also turned off there.  The servers are targets for MitM
attacks if they leave up the option for host identification via DSA
keys.  Turning off DSA requires a bit of planning if there are many
accounts using the server.

Regards,
Lars
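
An added example, not part of the original message: a small shell helper for the planning step mentioned above. It tallies key types in an authorized_keys file so the accounts that still depend on DSA (ssh-dss) are known before it is switched off; the same field scan also works on known_hosts lines. The function names, the sample entries and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example: inventory of key types before DSA is turned off.

# Print the key type of every entry in an authorized_keys (or known_hosts)
# file. An entry may begin with an options field (or a host list), so scan
# for the first field that is a known key type name.
# Limitation: an options string that contains a key type name as a separate
# word would be misread.
key_types() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    print $i
                    next
                }
            print "unknown"
        }' "$1"
}

# count_type FILE TYPE: number of entries of the given key type.
# grep -c exits non-zero on a count of 0, hence the "|| true".
count_type() {
    key_types "$1" | grep -c -x -- "$2" || true
}

# Constructed sample authorized_keys; the blobs are placeholders, not keys.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# alice: old laptop, then new laptop
ssh-dss AAAAB3NzaC1kc3MAAA-placeholder alice@old-laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-placeholder alice@new-laptop

command="/usr/local/bin/backup",no-pty ssh-dss AAAAB3NzaC1kc3MAAA-placeholder backup@cron
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAA-placeholder bob@work
EOF

# Tally per key type; any ssh-dss line is an account to migrate first.
key_types "$sample" | sort | uniq -c
echo "DSA entries still present: $(count_type "$sample" ssh-dss)"
```

Run against each user's real authorized_keys file, a non-zero ssh-dss count marks an account that needs a new key (for example Ed25519) before DSA is disabled.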

