On 07.11.22 05:39, Christoph Anton Mitterer wrote:
Shouldn't the defaults in general be whatever the most (S)ecure (as in SSH) is? Regardless of whether that is RSA, Ed25519 or something else in this specific case.
My .02: The most secu(R)e (as in "Resilient") default would encourage users to have at least *two* keypairs of different algos at hand.
[I still remember the day after automated nightly updates had washed a vendor's panicky "let's disable DSA" into our platforms and I was the only sysadmin to *also* have an "old-fashioned, unnecessarily huge" *RSA* pubkey distributed onto the target machines]
Regards, -- Jochen Bern Systemingenieur Binect GmbH
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
