On Mon, 7 Nov 2022, Darren Tucker wrote:

> On Mon, 7 Nov 2022 at 00:51, Job Snijders <job@xxxxxxxxxxx> wrote:
> [...]
> > Perhaps now is a good time to make Ed25519 the default when invoking
> > ssh-keygen(1) without arguments?
>
> I don't think so. Outside of DSA (which is REQUIRED in RFC4253 but is
> considered weak these days), RSA keys are the most widely supported
> key type and thus most likely to work in any given situation, which
> makes them an appropriate default. If you know this is not the case
> for your environment, that's what "-t" is for.

I don't mind using defaults to apply a little nudge towards better
algorithms. OpenSSH has supported ed25519 keys for almost a decade, and
RFC 8709 has been a standard for a couple of years. So I'm cautiously
supportive of doing this.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev