Understanding SSH Key Types: RSA, DSA, ECDSA, ED25519

Updated: Sep 5

The SSH protocol supports several public key types for authentication keys. Both the key type and the key size matter for security. In this post we go through each SSH key type to see which one is more secure on Linux.




Key Generation Options

When generating a key, we need to decide three things: the key algorithm, the key size, and whether to use a passphrase.


  • Key Algorithm: For the key algorithm, we need to take compatibility into account. For this reason, we recommend RSA. If there is a specific need for another algorithm (such as ECDSA), it can be used too, but be aware of the compatibility issues that may come up.


  • Key Size: For the key size, select a bit length of at least 2048 for RSA and 256 for ECDSA; these are the smallest key sizes allowed for SSL certificates. Unless a larger key size is needed, we recommend sticking with 2048 for RSA and 256 for ECDSA.


  • Passphrase: Decide whether to protect the key with a passphrase. If one is used, the private key is encrypted with the specified encryption method and cannot be used without the passphrase. Both options have pros and cons, so it is important to understand the implications of using or not using a passphrase.

Note: In older versions of OpenSSL, if no key size is specified, a default key size of 512 is used. Any key size below 2048 is considered insecure and should never be used.




Introduction of SSH Key Types

There are four SSH key algorithms in common use: RSA, DSA, ECDSA and ED25519. The differences between them are as follows.


Understanding RSA

rsa - an old algorithm based on the difficulty of factoring large numbers. A key size of at least 2048 bits is recommended for RSA; 4096 bits is better. RSA is getting old and significant advances are being made in factoring. Choosing a different algorithm may be advisable. It is quite possible the RSA algorithm will become practically breakable in the foreseeable future. All SSH clients support this algorithm.



Understanding DSA

dsa - an old US government Digital Signature Algorithm. It is based on the difficulty of computing discrete logarithms. A key size of 1024 would normally be used with it. DSA in its original form is no longer recommended.


Understanding ECDSA

ecdsa - a new Digital Signature Algorithm standardized by the US government, using elliptic curves. This is probably a good algorithm for current applications. Only three key sizes are supported: 256, 384, and 521 (sic!) bits. We would recommend always using it with 521 bits, since the keys are still small and probably more secure than the smaller keys (even though they should be safe as well). Most SSH clients now support this algorithm.



Understanding ed25519

ed25519 - this is a new algorithm added in OpenSSH. Support for it in clients is not yet universal. Thus its use in general purpose applications may not yet be advisable.


Recommendations for Generating SSH Key Files in Linux

Based on the differences between the SSH key types, we recommend generating key files with the following commands.


ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
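The key size rules from the "Key Generation Options" section and the key types behind the commands above can be enforced on the public keys that end up in an authorized_keys file. The following Python example is added here and is not part of the article: it decodes the OpenSSH public key blob (length-prefixed wire-format strings), reads the RSA modulus, DSA prime or ECDSA curve name, and applies the article's rules (RSA at least 2048 bits, DSA rejected, ECDSA only on its three curves, ed25519 at its fixed size). The sample RSA key it builds uses a placeholder modulus of the requested size, constructed for the test and not a real key.

```python
import base64
import struct

# Article's rules: RSA >= 2048 bits, DSA rejected, ECDSA on 256/384/521 curves, ed25519 fixed size.
MIN_RSA_BITS = 2048
ECDSA_CURVES = {"nistp256": 256, "nistp384": 384, "nistp521": 521}

def _ssh_string(data):  # SSH wire-format string: 4-byte big-endian length prefix
    return struct.pack(">I", len(data)) + data

def _read_string(blob, offset):  # inverse of _ssh_string, returns (bytes, next offset)
    (length,) = struct.unpack_from(">I", blob, offset)
    return blob[offset + 4:offset + 4 + length], offset + 4 + length

def _mpint(value):  # SSH mpint: big-endian, leading zero byte keeps it positive
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def parse_public_key(line):
    """Return (key_type, bits) for one authorized_keys / id_*.pub line."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    wire_type, off = _read_string(blob, 0)
    if wire_type.decode() != key_type:
        raise ValueError("type prefix does not match the key blob")
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent, not needed here
        n, _ = _read_string(blob, off)      # modulus as mpint
        return key_type, int.from_bytes(n, "big").bit_length()
    if key_type == "ssh-dss":
        p, _ = _read_string(blob, off)      # DSA prime p is the first parameter
        return key_type, int.from_bytes(p, "big").bit_length()
    if key_type.startswith("ecdsa-sha2-"):
        curve, _ = _read_string(blob, off)  # curve name precedes the point
        return key_type, ECDSA_CURVES[curve.decode()]
    if key_type == "ssh-ed25519":
        return key_type, 256
    raise ValueError("unsupported key type: " + key_type)

def key_is_acceptable(line):
    """Apply the article's size rules to one public key line."""
    key_type, bits = parse_public_key(line)
    if key_type == "ssh-dss":
        return False
    return bits >= MIN_RSA_BITS if key_type == "ssh-rsa" else True

def make_rsa_key_line(bits):
    """Constructed sample: placeholder modulus of the requested size, NOT a real key."""
    n = (1 << (bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(_mpint(65537)) + _ssh_string(_mpint(n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Run `key_is_acceptable` over each line of a real authorized_keys file to flag keys that fall below the sizes the article recommends.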

