Ssh – Best current authentication cipher for SSH2? Are certain ones only allowed/not allowed? How to tell what cipher an existing key is

private-key public-key ssh ssh-keys

  • I am a Linux newbie. I plan on generally using OpenSSH
  • I have spent a number of hours & I can't seem to quickly find the answer
  • I have briefly read some on IETF, however I will be honest, it's WAY too in-depth & I get lost in the text
  • I have searched this site for the following & didn't find an answer quickly: SSH RSA bad, openssh protocol 2, SSH2 authentication, among others I have forgotten
  • I have searched this site which says SSH2 only uses DSA (as does this site). It also says SSH2 only uses host keys; whereas SSH1 uses server & host keys; that confuses me a little bit
  • This Ubuntu page suggests DSA is less secure & suggests using RSA; nothing is said about SSH2
  • The OpenBSD man page for sshd_config (which OpenSSH's website links to) under HostKey says RSA1 is only for SSH1; however RSA, dsa, or ecdsa is for SSH2
  • I believe after assembling this question that SSH2 may be coined specifically by SSH Communications Security for their implementation of Secure Shell Protocol 2. As noted above though, when I speak of SSH, I plan to only use OpenSSH

How to tell what cipher an existing key is

I have a working key I created with the default options (I entered no arguments) in 'OpenSSH_5.5p1 Debian-4ubuntu6, OpenSSL 0.9.8o 01 Jun 2010'. I can tell it's RSA from numerous things (the filename, first lines in the .pub key, in the private key); the only place I can confirm the bit-strength (I think it's called) is that when I created it, the top of the randomart showed 2048. How do I know if it's RSA1 or RSA2, or regular RSA?

Please set me straight as I want the most secure way to do ssh 🙂

Best Answer

TLDR: Use 2048-bit RSA keys.

Unless you're using an ancient SSH client or server, you'll be using protocol version 2.

While the DSA and RSA algorithms are comparable in terms of strength, DSA keys may only be 1024-bit when used by SSH whereas RSA keys are not limited. 1024-bit keys are becoming insecure with the computing power available today, and so you want at least 2048-bit, which means RSA. (There also used to be patent issues with RSA which caused DSA to be recommended, but these are no longer the case.)

Pretty much all servers will accept DSA and RSA keys. (Some specific keys are blacklisted due to a Debian bug, but there aren't any disallowed ciphers.) ECDSA is the new hotness, but not all servers support it yet and so it isn't widely usable. Once that changes ECDSA will probably be the way to go.

You can usually tell the type of key by the filename, which is usually id_dsa, id_rsa or id_ecdsa. The file command can also inspect the contents to determine the type:

% file id_rsa
id_rsa: PEM RSA private key

To determine the key length you can use the openssl command:

% openssl rsa -in id_rsa -noout -text | head -n1
Enter pass phrase for id_rsa:
Private-Key: (4096 bit)
% openssl dsa -in id_dsa -noout -text | head -n1
read DSA key
Private-Key: (1024 bit)
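
The type and size can also be read from the public half (for example id_rsa.pub), which needs no passphrase. The following is an added example, not part of the original answer: it decodes the base64 blob of a .pub line and distinguishes protocol 2 keys (ssh-rsa, ssh-dss, ecdsa-sha2-*) from the older protocol 1 RSA1 line format. The function names are this example's own, and the sample lines are constructed from arbitrary integers rather than taken from real keys.

```python
import base64
import struct

def _read_field(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length

def describe_public_key(line):
    """Return (key_type, bits) for one line of an OpenSSH .pub file."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    if fields[0].isdigit():
        # Protocol 1 (RSA1) public keys are "bits exponent modulus [comment]".
        return "rsa1", int(fields[0])
    blob = base64.b64decode(fields[1], validate=True)
    name, offset = _read_field(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("type label does not match the encoded blob")
    if key_type == "ssh-rsa":          # blob holds: type, e, n
        _e, offset = _read_field(blob, offset)
        n, _ = _read_field(blob, offset)
        return key_type, int.from_bytes(n, "big").bit_length()
    if key_type == "ssh-dss":          # blob holds: type, p, q, g, y
        p, _ = _read_field(blob, offset)
        return key_type, int.from_bytes(p, "big").bit_length()
    if key_type.startswith("ecdsa-sha2-nistp"):
        return key_type, int(key_type.rsplit("nistp", 1)[1])
    raise ValueError("unsupported key type: " + key_type)

def _field(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    """Encode a positive integer big-endian, zero-padded if the top bit is set."""
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_sample_line(key_type, *numbers):
    """Build a CONSTRUCTED .pub line from arbitrary integers (not a usable key)."""
    blob = _field(key_type.encode()) + b"".join(_mpint(n) for n in numbers)
    return key_type + " " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(describe_public_key(make_sample_line("ssh-rsa", 65537, (1 << 2047) | 1)))
    print(describe_public_key(make_sample_line("ssh-dss", (1 << 1023) | 1, 3, 2, 5)))
```

To check a real key, pass the single line from the .pub file to describe_public_key.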