Job Snijders
2023-Sep-03  22:13 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
Dear all,
Ed25519 public keys being as small as they are is very convenient.
There is an opportunity to nudge the world towards modern algorithms.
I believe choices made in OpenSSH can positively impact the wider
ecosystem and industry. I'd like to suggest that ssh-keygen generate an
Ed25519 keypair if invoked without any arguments.
OpenSSH has supported Ed25519 since version 6.5 (January 2014).
The newly published FIPS 186-5 (February 2023) guidelines approve
the EdDSA algorithms specified in IETF RFC 8032 (January 2017).
At p2k23 Theo de Raadt suggested now (before OpenBSD 7.4 release) is
good timing to consider this change. Is there a reason not to do this?
OK?
Kind regards,
Job
Further reading:
  Original Ed25519 paper: https://ed25519.cr.yp.to/ed25519-20110926.pdf
  IETF RFC 8032: https://datatracker.ietf.org/doc/html/rfc8032
  FIPS 186-5: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf
Index: ssh-keygen.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.229
diff -u -p -r1.229 ssh-keygen.1
--- ssh-keygen.1	23 Jul 2023 20:04:45 -0000	1.229
+++ ssh-keygen.1	3 Sep 2023 21:29:11 -0000
@@ -185,7 +185,7 @@ The type of key to be generated is speci
 option.
 If invoked without any arguments,
 .Nm
-will generate an RSA key.
+will generate an Ed25519 key.
 .Pp
 .Nm
 is also used to generate groups for use in Diffie-Hellman group
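Review bot: the manual now names the new default type but still says nothing about where the key is written, and the ssh-keygen.c hunk changes that default path too (ask_filename() now falls back to _PATH_SSH_CLIENT_ID_ED25519); consider extending this sentence to mention the default filename as well, so both halves of the change are documented in one place.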
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.470
diff -u -p -r1.470 ssh-keygen.c
--- ssh-keygen.c	17 Jul 2023 04:01:10 -0000	1.470
+++ ssh-keygen.c	3 Sep 2023 21:29:12 -0000
@@ -61,11 +61,7 @@
 #include "ssh-pkcs11.h"
 #endif
 
-#ifdef WITH_OPENSSL
-# define DEFAULT_KEY_TYPE_NAME "rsa"
-#else
-# define DEFAULT_KEY_TYPE_NAME "ed25519"
-#endif
+#define DEFAULT_KEY_TYPE_NAME "ed25519"
 
 /*
  * Default number of bits in the RSA, DSA and ECDSA keys.  These value can be
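Review bot: collapsing the #ifdef is safe because the removed !WITH_OPENSSL branch already defaulted to "ed25519", so non-OpenSSL builds are unchanged and OpenSSL builds simply join them; that is worth one sentence in the commit message. The comment block that follows ("Default number of bits in the RSA, DSA and ECDSA keys") now describes sizes that no longer apply to the default type, so a short remark that these only matter when -t selects one of those types would help the next reader.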
@@ -252,7 +248,7 @@ ask_filename(struct passwd *pw, const ch
 	char *name = NULL;
 
 	if (key_type_name == NULL)
-		name = _PATH_SSH_CLIENT_ID_RSA;
+		name = _PATH_SSH_CLIENT_ID_ED25519;
 	else {
 		switch (sshkey_type_from_name(key_type_name)) {
 		case KEY_DSA_CERT:
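Review bot: the NULL branch hard-codes the Ed25519 path while DEFAULT_KEY_TYPE_NAME is defined separately in the first hunk, so the two defaults can drift apart in a later change; consider substituting key_type_name = DEFAULT_KEY_TYPE_NAME when it is NULL and letting the switch below choose the filename, which removes the special case altogether.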
Stuart Henderson
2023-Sep-03  22:35 UTC
[patch] ssh-keygen(1): generate Ed25519 keys when invoked without arguments
On 2023/09/03 22:13, Job Snijders wrote:
> Dear all,
>
> Ed25519 public keys being as small as they are is very convenient.
> There is an opportunity to nudge the world towards modern algorithms.
> I believe choices made in OpenSSH can positively impact the wider
> eco-system and industry. I'd like to suggest ssh-keygen to generate an
> Ed25519 keypair, if invoked without any arguments.
>
> OpenSSH has supported Ed25519 since version 6.5 (January 2014).
> The newly published FIPS 186-5 (February 2023) guidelines approve
> the EdDSA algorithms specified in IETF RFC 8032 (January 2017).

amazingly, even Mikrotik finally added support (August 2023)...

> At p2k23 Theo de Raadt suggested now (before OpenBSD 7.4 release) is
> good timing to consider this change. Is there a reason not to do this?
>
> OK?

Seems a sane default to me. People can always use -t rsa if needed.
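Both messages turn on which key type a user ends up with by default, and Job's opening point is how small Ed25519 public keys are. As an added example (not code from this thread or from OpenSSH), the script below decodes public-key lines in the format ssh-keygen writes, using the RFC 4253 string/mpint wire encoding, and reports algorithm, key size and blob length, which is a quick way to inventory what is actually deployed in an authorized_keys file. The sample lines are constructed from filler bytes and are not real keys.

```python
import base64
import struct


def _read_string(blob, off):
    """Read one RFC 4253 'string': uint32 big-endian length, then bytes."""
    (n,) = struct.unpack_from(">I", blob, off)
    off += 4
    if off + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off:off + n], off + n


def describe_pubkey(line):
    """Return (algorithm, key bits, blob bytes) for one public-key line.
    Ed25519 carries a fixed 32-byte point; RSA carries mpint e and mpint n."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public-key line")
    keytype = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    inner, off = _read_string(blob, 0)
    if inner != keytype.encode():
        raise ValueError("type prefix does not match blob")
    if keytype == "ssh-ed25519":
        point, off = _read_string(blob, off)
        if len(point) != 32:
            raise ValueError("bad Ed25519 point length")
        return keytype, 256, len(blob)
    if keytype == "ssh-rsa":
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        return keytype, int.from_bytes(n, "big").bit_length(), len(blob)
    return keytype, None, len(blob)  # other types: report only the algorithm


def inventory(lines):
    """Describe every non-blank, non-comment line of an authorized_keys file."""
    return [describe_pubkey(l) for l in lines if l.strip() and not l.startswith("#")]


def _wire(*parts):
    """Constructed blob builder for the samples below (filler, not real keys)."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


# Constructed sample lines in the format ssh-keygen writes; key material is filler.
SAMPLE_ED25519 = "ssh-ed25519 %s job@example" % base64.b64encode(
    _wire(b"ssh-ed25519", bytes(range(32)))).decode()
SAMPLE_RSA = "ssh-rsa %s job@example" % base64.b64encode(
    _wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00\x80" + b"\x00" * 383)).decode()
```

Run over a real authorized_keys file, inventory() returns one tuple per key; the 51-byte Ed25519 blob against the 407-byte RSA-3072 blob is the size difference the thread refers to.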