
default certificate type of ssh daemon

Posted: Wed Dec 05, 2018 10:50 pm
by skypi
What would be ideal would be to select your own 1st priority preference then fall back in order to least desired which would be ecdsa, based on what the ssh client can provide...

a good article on subject seems ... Hardening/

But I noticed the Pis were adding ecdsa certificates to my authorised hosts as default...

Shouldn't the default be Ed25519, with fallback to rsa, then ecdsa?

Have I missed something?

(There seems to be an Ubuntu 16.04 problem with ssh keys, probably gnome-keyring somewhere, where it now, after a key change, no longer uses the ssh-key but asks for a password, though CLI sftp, scp, ssh all work OK.)

EDIT: OK, I missed something, it is the client side that needs configuring, which is on Ubuntu...

UPDATE: That link listed above is outdated, a problem when things change so fast, some of the parameters it is using in the config files do not exist any more.

It seems it is now as simple as, on the client end, just generating an ED25519 certificate with this line:

ssh-keygen -t ed25519

the ssh client will then use the new key preferentially
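
The post mentions ecdsa entries being recorded on the client for the Pis. As an added example (not part of the original post), this shell function lists the key type pinned for each entry in a known_hosts file and flags those that are not ssh-ed25519. It assumes the "authorised hosts" in the post means the client's known_hosts file; the sample file, host names, key placeholders and the PREFERRED variable are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which host key algorithm is pinned per known_hosts entry.

PREFERRED="ssh-ed25519"   # assumption: the poster's first preference

# audit_known_hosts FILE -> one line per entry: "<host> <keytype> <ok|not-preferred>"
audit_known_hosts() {
    awk -v want="$PREFERRED" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            i = 1
            if ($1 ~ /^@/) i = 2                # @cert-authority / @revoked marker shifts the fields
            host = $i
            type = $(i + 1)
            if (substr(host, 1, 3) == "|1|")    # HashKnownHosts entries hide the host name
                host = "(hashed)"
            print host, type, (type == want ? "ok" : "not-preferred")
        }' "$1"
}

# count_not_preferred FILE -> number of entries pinned to some other algorithm
count_not_preferred() {
    audit_known_hosts "$1" | awk '$3 == "not-preferred" { n++ } END { print n + 0 }'
}

# write_sample FILE -> writes a constructed known_hosts file (placeholder key data)
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, key material is placeholder text
pi1.example ecdsa-sha2-nistp256 AAAAPLACEHOLDER1
pi2.example ssh-ed25519 AAAAPLACEHOLDER2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAPLACEHOLDER3
@cert-authority *.example ssh-ed25519 AAAAPLACEHOLDER4
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_known_hosts "$sample"
echo "entries not pinned to $PREFERRED: $(count_not_preferred "$sample")"
rm -f "$sample"
```

To check a real client, call `audit_known_hosts ~/.ssh/known_hosts` instead of the sample file.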