|
|
Subscribe / Log in / New account

Bye bye RSA keys?

Bye bye RSA keys?

Posted Feb 15, 2020 12:42 UTC (Sat) by tlamp (subscriber, #108540)
In reply to: Bye bye RSA keys? by mbunkus
Parent article: OpenSSH 8.2 released

Note that RSA SHA-2 signature algorithms rsa-sha2-256/512, which have the same type as the now deprecated ones "ssh-rsa" are still supported and should be fine. You can check your type easily with ssh-keygen, e.g.: 

ssh-keygen -lf .ssh/id_rsa.pub 
2048 SHA256:vr9V....
My keys here from a Debian 9 Stretch got already created as SHA256 key by default, so most keys generated on distributions with a release from 3-4 years ago should be fine already, if one did not explicitly choose SHA1.

to post comments

Bye bye RSA keys?

Posted Feb 15, 2020 13:00 UTC (Sat) by cjwatson (subscriber, #7322) [Link] (3 responses)

While it is true that rsa-sha2-{256,512} will work fine, this advice to check ssh-keygen output is misleading and incorrect. The hash algorithm used to display the key fingerprint is unrelated to the public key algorithm used for client authentication.

Bye bye RSA keys?

Posted Feb 15, 2020 16:46 UTC (Sat) by tlamp (subscriber, #108540) [Link] (2 responses)

Hmm, true, the SHA256 is just for the fingerprint.

But doesn't relates the keysize to rsa-sha2-{256,512}?
I.e.:

2048 -> 256
4096 -> 512

Else, do you or anybody else knows a quick and general available method to get the used type from a public key?

Bye bye RSA keys?

Posted Feb 16, 2020 6:22 UTC (Sun) by djm (subscriber, #11651) [Link]

The signature algorithm doesn't relate to the key size, though OpenSSH will refuse RSA keys <1024 bits. Practically, you should use at least 2048 bit keys (this is the default for ssh0-keygen).

All existing ssh-rsa keys can be used with the newer rsa-sha2-256/512 signature types. Whether these are supported though is down to the ssh client and server in question, and the easiest way to find out whether both offer those algorithms is to try the recipe in the release notes ("ssh -oHostkeyAlgorithms=-ssh-rsa")

Bye bye RSA keys?

Posted Feb 16, 2020 9:59 UTC (Sun) by cjwatson (subscriber, #7322) [Link]

djm answered before I did and with more authority. But to explain in a bit more detail: authenticating yourself using an RSA key involves signing a message with that key to prove that you own it. RSA signatures normally work by first hashing the plaintext message with some hash function and then applying the RSA algorithm to the result. The hash function can be basically anything reasonable, but it needs to be agreed by both parties. From this you can see that there doesn't need to be any particular link between hash function and key size.

Part of the SSH authentication protocol involves agreeing on mutually-acceptable parameters, such as the key signature algorithm; as a result you may well find different algorithms being used depending on the client/server combination.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds