Dear all, Support for using Ed25519 for server and user authentication was introduced in OpenSSH 6.5. I like the compactness of Ed25519 public keys. Perhaps now is a good time to make Ed25519 the default when invoking ssh-keygen(1) without arguments? Kind regards, Job Index: ssh-keygen.1 =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.226 diff -u -p -r1.226 ssh-keygen.1 --- ssh-keygen.1 10 Sep 2022 08:50:53 -0000 1.226 +++ ssh-keygen.1 6 Nov 2022 13:31:19 -0000 @@ -185,7 +185,7 @@ The type of key to be generated is speci option. If invoked without any arguments, .Nm -will generate an RSA key. +will generate an ed25519 key. .Pp .Nm is also used to generate groups for use in Diffie-Hellman group Index: ssh-keygen.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v retrieving revision 1.459 diff -u -p -r1.459 ssh-keygen.c --- ssh-keygen.c 11 Aug 2022 01:56:51 -0000 1.459 +++ ssh-keygen.c 6 Nov 2022 13:31:21 -0000 @@ -61,12 +61,6 @@ #include "ssh-pkcs11.h" #endif -#ifdef WITH_OPENSSL -# define DEFAULT_KEY_TYPE_NAME "rsa" -#else -# define DEFAULT_KEY_TYPE_NAME "ed25519" -#endif - /* * Default number of bits in the RSA, DSA and ECDSA keys. These value can be * overridden on the command line. @@ -252,7 +246,7 @@ ask_filename(struct passwd *pw, const ch char *name = NULL; if (key_type_name == NULL) - name = _PATH_SSH_CLIENT_ID_RSA; + name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { case KEY_DSA_CERT: 
@@ -3748,7 +3742,7 @@ main(int argc, char **argv) } if (key_type_name == NULL) - key_type_name = DEFAULT_KEY_TYPE_NAME; + key_type_name = "ed25519"; type = sshkey_type_from_name(key_type_name); type_bits_valid(type, key_type_name, &bits); _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
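Review bot: In the ssh-keygen.1 hunk (@@ -185,7), the new sentence spells the key type "ed25519" in running prose, while the cover message writes "Ed25519". Suggest "will generate an Ed25519 key." so the manual uses the algorithm's name rather than the key type string used in the code.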
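Review bot: In the first ssh-keygen.c hunk (@@ -61,12), deleting DEFAULT_KEY_TYPE_NAME outright leaves the default expressed in two separate places further down: the literal "ed25519" in main() and _PATH_SSH_CLIENT_ID_ED25519 in ask_filename(). Keeping a single unconditional #define DEFAULT_KEY_TYPE_NAME "ed25519" would leave the main() assignment unchanged and give one named place to adjust the default later. The removed #else branch also shows that builds without WITH_OPENSSL already defaulted to ed25519, so only OpenSSL builds change behaviour; that is worth stating in the commit message.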
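Review bot: In the ask_filename() hunk (@@ -252,7), the default output path changes from _PATH_SSH_CLIENT_ID_RSA to _PATH_SSH_CLIENT_ID_ED25519 whenever key_type_name is NULL, and nothing in the patch documents that user-visible change. Scripts that run ssh-keygen without a key type and then read the RSA identity file will no longer find a freshly generated key there. Suggest mentioning the new default file alongside the new default key type in the ssh-keygen.1 text or the release notes.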
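Review bot: In the main() hunk (@@ -3748,7), the defaulted type now reaches type_bits_valid(type, key_type_name, &bits) as ed25519, but the comment kept in the earlier hunk describes the default bit count only for RSA, DSA and ECDSA keys. An invocation that sets a bit count and no key type used to size an RSA key; please confirm what type_bits_valid() does with that value for ed25519 and state the resulting behaviour in ssh-keygen.1.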