Re: [FreeBSD-Announce] HEADS-UP: OpenSSH DSA keys are deprecated in 12.0 and 11.0

From: Bernard Spil <bernard_at_bachfreund.nl>
Date: Mon, 08 Aug 2016 21:39:48 +0200

Hi Devin,

This resource documents the choices pretty well I think
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Author has made some modifications up to Jan 2016
https://github.com/stribika/stribika.github.io/commits/master/_posts/2015-01-04-secure-secure-shell.md

The short answer then is ed25519 or rsa4096, disable both dsa and ecdsa.

Even 6.5p1 shipped with 9.3 supports ed25519.

Cheers,

Bernard.

On 2016-08-08 19:56, Devin Teske wrote:
> Which would you use?
> 
> ECDSA?
> 
> https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
> 
> "" In the wake of the exposure of Dual_EC_DRBG as "an NSA undercover
> operation", cryptography experts have also expressed concern over the
> security of the NIST recommended elliptic curves,[31]
> <https://en.wikipedia.org/wiki/Elliptic_curve_cryptography#cite_note-31>
> suggesting a return to encryption based on non-elliptic-curve groups.
> ""
> 
> Or perhaps RSA? (as des_at_ recommends)
> 
> (not necessarily to Glen but anyone that wants to answer)
> --
> Devin
> 
> 
>> On Aug 4, 2016, at 6:59 PM, Glen Barber <gjb_at_FreeBSD.org> wrote:
>> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>> 
>> This is a heads-up that OpenSSH keys are deprecated upstream by OpenSSH,
>> and will be deprecated effective 11.0-RELEASE (and preceding RCs).
>> 
>> Please see r303716 for details on the relevant commit, but upstream no
>> longer considers them secure.  Please replace DSA keys with ECDSA or RSA
>> keys as soon as possible, otherwise there will be issues when upgrading
>> from 11.0-BETA4 to the subsequent 11.0 build, but most definitely the
>> 11.0-RELEASE build.
>> 
>> Glen
>> On behalf of:	re_at_ and secteam_at_
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2
>> 
>> -----END PGP SIGNATURE-----
> 
Received on Mon Aug 08 2016 - 17:48:54 UTC
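
Added example, not part of the original thread and not FreeBSD or OpenSSH code: a Python check that applies the recommendation in the reply above (ed25519 or 4096-bit RSA, DSA and ECDSA flagged for replacement) to authorized_keys or *.pub lines, reading the RSA modulus size out of the key blob. The function names, verdict strings and sample keys are assumptions; the sample keys are constructed and unusable.

```python
import base64
import struct

MIN_RSA_BITS = 4096  # policy from the reply: ed25519 or rsa4096

def _read_string(blob, off):
    # One length-prefixed SSH wire string -> (bytes, next offset).
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def _verdict(ktype, blob):
    name, off = _read_string(blob, 0)
    if name != ktype.encode():
        raise ValueError("type field does not match key blob")
    if ktype == "ssh-dss" or ktype.startswith("ecdsa-sha2-"):
        return "replace", ktype
    if ktype == "ssh-ed25519":
        return "ok", ktype
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)  # public exponent
        n, _ = _read_string(blob, off)     # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
        return ("ok" if bits >= MIN_RSA_BITS else "replace"), f"rsa-{bits}"
    return "unknown", ktype

def classify(line):
    """Classify one authorized_keys or *.pub line; options may precede the key."""
    fields = line.split()
    for i in range(len(fields) - 1):
        if fields[i].startswith(("ssh-", "ecdsa-sha2-")):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
                return _verdict(fields[i], blob)
            except (ValueError, struct.error):
                continue  # token inside an option string, not the key
    return "skip", "no key"

def constructed_line(ktype, *parts, prefix=""):
    # Well-formed but CONSTRUCTED (unusable) key line for the demo.
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return f"{prefix}{ktype} {base64.b64encode(blob).decode()} constructed@example"

def constructed_rsa(bits):
    return constructed_line("ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x01" * (bits // 8 - 1))

if __name__ == "__main__":
    for entry in (constructed_line("ssh-dss", b"\x01"), constructed_rsa(2048), constructed_rsa(4096)):
        print(*classify(entry))
```

Feed it each line of ~/.ssh/authorized_keys and of the host's *.pub files; anything reported as "replace" is a key to regenerate.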

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:07 UTC