279
submitted 1 year ago* (last edited 1 year ago) by ademir@lemmy.eco.br to c/linux@lemmy.ml

OpenSSH's ssh-keygen command just got a great upgrade.

New video from @vkc@mspsocial.net

Edit:

She has a PeerTube channel: !veronicaexplains@tinkerbetter.tube and it federates as a Lemmy Community

The Peertube video in Lemmy.ml: https://lemmy.ml/post/8842820

Link to the video in your instance.

[-] RegalPotoo@lemmy.world 312 points 11 months ago

tl;dw - ed25519 keys are now the default

[-] Synthead@lemmy.world 92 points 11 months ago* (last edited 11 months ago)

Thanks for reducing the click bait.

[-] Grass@sh.itjust.works 32 points 11 months ago

From the thumbnail I was wondering if it was this. Thanks for saving me the watch.

[-] MigratingtoLemmy@lemmy.world 12 points 11 months ago

Finally damnit

[-] ultra@feddit.ro 9 points 11 months ago
[-] WalrusByte@lemmy.world 3 points 11 months ago

Oh nice! That's the key type I use anyway, so nice to know I don't have to pass as many options in now

[-] SteveTech@programming.dev 82 points 1 year ago

Woah peertube federating with lemmy is actually really cool!

[-] ademir@lemmy.eco.br 10 points 11 months ago

right!? the fediverse is so cool!

[-] lntl@lemmy.ml 39 points 11 months ago

i don't think I've created an RSA key since 2017

[-] aard@kyu.de 19 points 11 months ago

A surprising number of services (including Azure last I tried) can only handle RSA keys, so after trying ecdsa only for a while I ended up adding an RSA key again.

With that said - it's 2023, in almost all cases you should have your keys in a hardware module nowadays, in which case you'd use a different command for key generation.

[-] fossisfun@lemmy.ml 10 points 11 months ago* (last edited 11 months ago)

Actually it is the same story with TLS 1.3 and TLS 1.2. A bunch of sites still don't support TLS 1.3 (e.g. arstechnica.com, startpage.com) and some of them only support TLS 1.2 with RSA (e.g. startpage.com).

You can try this yourself in Firefox by disabling ciphers (search for security.ssl3 in about:config) or by setting the minimum TLS version to 1.3 (security.tls.version.min = 4 in about:config).

[-] deepdive@lemmy.world 3 points 11 months ago

Strangely enough TLS 1.3 still doesn't support signed ed25519 certificates :| P-256, NIST P-384 or NIST P-521 curves are known to be "backdoored" or having deliberately chosen mathematical weakness. I'm not an expert and just a noob security/selfhoster enthusiast but I don't want to depend on curves made by NSA or other spy agencies!

I'm also wondering if the EU isn't going to implement something similar with all their new spying laws currently discussed...

[-] LaggyKar@programming.dev 3 points 11 months ago

AFAIK, they're not known to be backdoored, only suspected

[-] deepdive@lemmy.world 2 points 11 months ago

Yeah, wrong wording, but the fact that we have to depend mostly on NSA's cryptographic schemes makes it very suspicious!

[-] Helix@feddit.de 6 points 11 months ago

ed25519 ≠ ecdsa

[-] lolcatnip@reddthat.com 3 points 11 months ago

Do you have a link for storing keys in hardware? I have no idea how you'd do that.

[-] aard@kyu.de 5 points 11 months ago

Easiest and most affordable is probably a security key like the Nitrokey or the https://www.yubico.com/. I personally don't like the company behind yubikey much, but if you want something small you can always leave in the device that's pretty much your only option.

For "cheaper, but a bit more effort" would be just getting a smartcard blank, a card reader (if you're not lucky enough to have a notebook or computer with one built in), and then either write your own applet, or use one of the available opensource ones, and upload it to the card. A variant of that would be the Fidesmo card, where you get a card and their applet.

Or you just use the TPM you may have in your system - though you'll need to be careful with that: Typically one reason for using a hardware token is to make sure keys can't get extracted, while TPMs often do allow key extraction. Software to make that work would be opencryptoki.

Generally you'd use PKCS#11 to have the various components talk to each other. On your average Linux pretty much everything but GnuPG plays nice with PKCS#11. Typically you end up with pcscd to interface with the smartcard (the above USB tokens are technically also just USB smartcards), OpenSC as a layer to provide PKCS#11 on top, and software (like OpenSSH) then talks to that.

All of that should be available as packages in any Linux distribution nowadays - and typically will also provide p11-kit configured to use a proxy library to make multiple token sources easily available, and avoid blocking on concurrent access.

ssh-add supports adding keys from PKCS#11 providers to the SSH agent (search pkcs11 in the ssh-add manpage), with some distributions (like Red Hat) also carrying patches allowing you to only select individual tokens for adding.

If you're also using GnuPG it gets more complicated - you pretty much have two options: Stick with PKCS#11, in which case you'd replace GPG's own smartcard agent with gnupg-pkcs11-scd, or you use GPG's own card implementation, in which case you can forget pretty much everything I wrote above, and just follow the security key manual for setting up a GPG card, enable SSH agent support in the GPG agent, and just use that for SSH authentication.

[-] lolcatnip@reddthat.com 1 points 11 months ago
[-] lntl@lemmy.ml 1 points 11 months ago
[-] lemann@lemmy.one 11 points 11 months ago

I delete them from the ssh config folder after installation, along with the DSA and ECDSA keys. No ed25519? No auth.

Also prevents a handful of bots from attempting SSH login into your cloud infra, a lot of them don't support ed25519 kex
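A defender's check for the hardening described in this comment (added here as an example, not the commenter's own script): it parses the effective configuration that `sshd -T` prints and flags any host key that is not ed25519, plus key-exchange algorithms that use NIST curves or SHA-1. The `sshd -T` dump below is a constructed sample; on a real host run `sudo sshd -T | audit_sshd`.

```shell
#!/bin/sh
# Constructed, trimmed sample of what "sshd -T" prints (keywords are lowercase).
SAMPLE_SSHD_T='port 22
hostkey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_ecdsa_key
hostkey /etc/ssh/ssh_host_ed25519_key
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
pubkeyacceptedalgorithms ssh-ed25519,rsa-sha2-512'

# Reads an "sshd -T" dump on stdin, prints one finding per line,
# returns 0 when nothing is flagged and 1 otherwise.
audit_sshd() {
    flagged=0
    while read -r key value; do
        case "$key" in
        hostkey)
            # Any host key file other than the ed25519 one is a leftover.
            case "$value" in
            *ed25519*) ;;
            *) echo "hostkey: non-ed25519 host key still configured: $value"; flagged=1 ;;
            esac
            ;;
        kexalgorithms)
            # The value is a comma-separated list; inspect each algorithm.
            oldifs=$IFS; IFS=,
            for alg in $value; do
                case "$alg" in
                *nistp*) echo "kex: NIST-curve key exchange enabled: $alg"; flagged=1 ;;
                *sha1)   echo "kex: SHA-1 based key exchange enabled: $alg"; flagged=1 ;;
                esac
            done
            IFS=$oldifs
            ;;
        esac
    done
    return $flagged
}

# Run against the constructed sample; "||" keeps a non-zero exit from aborting a sourced script.
printf '%s\n' "$SAMPLE_SSHD_T" | audit_sshd || echo "sample config still needs hardening"
```

Removing the flagged host key files and pinning KexAlgorithms in sshd_config, then re-running the check, should leave only the ed25519 host key and the curve25519/sntrup761 exchanges.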

[-] 018118055@sopuli.xyz 5 points 11 months ago

I had to create one this year after discovering that connectbot (ssh client on Android) didn't support agent forwarding otherwise.

[-] lemann@lemmy.one 6 points 11 months ago

Probably a good idea to look for a different client, call me tinfoil but I wouldn't want to touch a very old mechanism that is supported/pushed by a very recognisable 3 letter agency

[-] LiveLM@lemmy.zip 6 points 11 months ago

I've just started using SSH inside of Termux, got tired of all the weird pitfalls SSH Clients for Android usually have

[-] 018118055@sopuli.xyz 2 points 11 months ago

Probably. It's in f-droid but increasingly looking not quite unmaintained, but not developed actively enough.

[-] lntl@lemmy.ml 2 points 11 months ago

considered harmful

[-] const_void@lemmy.ml 33 points 11 months ago

YouTube thumbnails are cancer

[-] Blackmist@feddit.uk 15 points 11 months ago
[-] ky56@aussie.zone 16 points 11 months ago

DeArrow by the same developer as SponsorBlock seems to be actively developed and community contributions are fast.

[-] duncesplayed@lemmy.one 9 points 11 months ago

YouTube titles, too :(

[-] kool_newt@lemm.ee 28 points 1 year ago

In 2005, Curve25519 was first released by Daniel J. Bernstein.[5] (https://en.wikipedia.org/wiki/Curve25519)

DJB? Nice! Always been a fan.

[-] rammer@sopuli.xyz 26 points 11 months ago

Yeah, look at the curves on that guy.

[-] NoSpotOfGround@lemmy.world 11 points 11 months ago

It says that

Starting in 2014, OpenSSH defaults to Curve25519-based ECDH.

So what changed recently? (I didn't watch the video, in fairness).

[-] domi@lemmy.secnd.me 14 points 11 months ago

ssh-keygen now defaults to ed25519 so you don't have to do ssh-keygen -t ed25519 anymore. The default since 2014 is for key exchange when connecting.

[-] NoSpotOfGround@lemmy.world 1 points 11 months ago

Got it, thank you!

[-] CarbonScored@hexbear.net 21 points 11 months ago

TL;DR: It'll use a new, more secure key type.

[-] Pantherina@feddit.de 8 points 11 months ago

Nice, no ChatGPT anymore to remember how that damn algorithm is spelled.

Why not just call it RSB? People, really!

[-] PipedLinkBot@feddit.rocks 7 points 1 year ago

Here is an alternative Piped link(s):

https://piped.video/tdfBbpJPTGc

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[-] maniel@beehaw.org 5 points 11 months ago

Isn't elliptic curve cryptography sensitive to quantum computer attacks? Shor's algorithm etc.

[-] LaggyKar@programming.dev 3 points 11 months ago* (last edited 11 months ago)

Yes, though OpenSSH has already switched to a quantum resistant algorithm for key exchange (Streamlined NTRU Prime, combined with x25519 in case SNTRUPrime turns out to be weak), and that's the stuff that needs to be switched as soon as possible to preserve forward secrecy. Authentication keys are less urgent.

[-] duncesplayed@lemmy.one 3 points 11 months ago

Yes, it is. ed25519 depends upon discrete log for its security, which Shor's algorithm can (theoretically, of course, not like it's ever been done) efficiently solve.

The post-quantum algorithms are in active research right now. I don't blame anyone for avoiding those at least until we've quantum computers big enough to solve baby toy elliptic curves.

this post was submitted on 04 Dec 2023
279 points (90.4% liked)