The ssh-keygen program used to generate keys for Secure Shell logins under the OpenSSH project is preparing to change the default key generation process from RSA to Ed25519. The Ed25519 key is an elliptic curve key that has been supported in OpenSSH since version 6.5, which was released almost ten years ago in 2014. One clear advantage of the Ed25519 key is that it is much smaller in size and overall more efficient. The key exchange process still uses the Diffie Hellman algorithm. OpenSSH supports three types of RSA keys: RSA-SHA1, which is easily hackable, RSA-SHA256, and RSA-SHA2-512. OpenSSH has already discontinued the use of RSA-SHA1, but the other two types are still in use as the main choices since OpenSSH 7.2. Although OpenSSH supports other elliptic curve authentication processes such as ECDSA, Ed25519 was introduced later.
Leave a Comment