Understanding SSH Key Types
By: Roger Creasy
There are several public-key algorithms available for SSH authentication. Here I am covering DSA, RSA, ECDSA, and Ed25519, the four most common. They differ in the hard mathematical problem that protects the private key: RSA rests on the difficulty of factoring the product of two large primes, DSA rests on the discrete logarithm problem in a finite field, and ECDSA and Ed25519 rest on the discrete logarithm problem on an elliptic curve.
Before we get into the differences in key types, let's look at how keys work for SSH authentication. Each key is an asymmetric pair: a private key that never leaves the client, and a public key that is copied to the server (for OpenSSH, into ~/.ssh/authorized_keys). A common explanation says the server encrypts a challenge with the public key and the client proves it can decrypt it. That is not what SSH does. SSH public-key authentication uses digital signatures: the client signs a message that includes the unique session identifier with its private key, and the server verifies that signature with the matching public key. Because the session identifier changes on every connection, a captured signature cannot be replayed. This is also why all four key types work here even though DSA, ECDSA, and Ed25519 are signature-only algorithms and cannot encrypt anything. You can think of the private key as a stamp that only you hold, and the public key as the means for anyone to check that an impression really came from that stamp.
What matters about how a key is generated is how hard it is to derive the private key from the public key. The two are mathematically related, so this is always possible in principle; what keeps the scheme secure is that doing it would take an infeasible amount of computation. Our job is to choose an algorithm and key size that keep it that way.
Let's look at the key types.
DSA is weak and should not be used. The ssh-dss key type is limited to 1024-bit keys with SHA-1 signatures, and OpenSSH 7.0 and newer disables it by default (it only works if both server and client are explicitly reconfigured to accept it). I mention DSA only because many older tutorials out there still suggest using it.
ECDSA in SSH uses the NIST curves (nistp256, nistp384, nistp521). Their parameters were derived from unexplained seed values, which has led to persistent suspicion, never publicly substantiated, that they could have been chosen with a hidden weakness. A more concrete and well-documented risk is that ECDSA needs a fresh, unpredictable random number for every signature: if that number is ever repeated or predictable, the private key can be recovered from the signatures. So, while there is no known break of ECDSA on these curves, I do not recommend it when Ed25519 is available.
RSA is a valid choice. With RSA you choose the size of the key in bits. 1024-bit keys are no longer considered safe: 768-bit RSA has been factored publicly, and 1024-bit is believed to be within reach of a well-funded attacker. 2048-bit keys are expected to be adequate until about 2030 (NIST's guidance), but factoring algorithms and hardware both keep improving, so they could fall out of favour sooner. 4096 bits looks safe for the foreseeable future, at the cost of noticeably slower key generation and signing compared with the other choices. One caveat specific to SSH: RSA keys originally signed with SHA-1 (the ssh-rsa signature algorithm), which OpenSSH 8.8 and newer disables by default. The keys themselves remain fine, because modern clients and servers sign with the rsa-sha2-256 or rsa-sha2-512 algorithms using the same key.
Ed25519 is my key type of choice. It is an elliptic-curve signature scheme (EdDSA over Curve25519), and the harder math behind it does not come with larger keys: elliptic-curve discrete logarithms are much harder per bit than factoring, so a 256-bit Ed25519 key gives security comparable to roughly 3072-bit RSA while the public key fits on one short line. Signing is fast, signatures are deterministic (there is no per-signature random number to get wrong, unlike ECDSA), and the reference design is built to run in constant time. There is a good discussion on the topic on StackExchange here. The one disadvantage of Ed25519 is that it is not universally accepted. It works with OpenSSH 6.5 and newer and with most git hosting services. If you plan to use it elsewhere, confirm it is supported first.
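The key types above can be told apart, and their sizes checked, directly from the public-key line without any SSH tooling, because OpenSSH encodes the public key as a base64 blob in the RFC 4251 wire format (a length-prefixed type name followed by the algorithm's own fields). The script below is an added example, not code from the original post: it parses id_*.pub / authorized_keys lines with only the Python standard library, reports the size that matters for each algorithm (the RSA modulus, the DSA prime, the ECDSA curve, the Ed25519 point), computes the same SHA256 fingerprint ssh-keygen -l prints, and applies the recommendations of this post as a policy. The sample keys are constructed in the script to have realistic sizes; they are not real keys, and the 2048-bit RSA threshold is the example's own choice.

```python
"""Offline audit of OpenSSH public-key lines (standard library only).
Added example; not code from the original post."""
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # policy threshold chosen for this example
KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def _ssh_string(data):
    """Encode an RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n):
    """Encode a positive int as an RFC 4251 'mpint' (two's complement, so a
    leading 0x00 byte is present whenever the top bit would otherwise be set)."""
    return _ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))


def _read_string(blob, pos):
    """Decode one 'string' starting at pos; return (bytes, next_pos)."""
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated SSH string")
    return blob[pos + 4:end], end


def parse_public_key(line):
    """Parse one id_*.pub / authorized_keys line into type, bits, fingerprint.

    Leading option fields (no-pty,...) are skipped. Option values containing
    spaces are not handled by this simple whitespace split.
    """
    fields = line.split()
    for i, field in enumerate(fields):
        if field in KNOWN_TYPES and i + 1 < len(fields):
            keytype, b64, comment = field, fields[i + 1], " ".join(fields[i + 2:])
            break
    else:
        raise ValueError("no recognised public key on line")
    blob = base64.b64decode(b64, validate=True)
    name, pos = _read_string(blob, 0)
    if name.decode() != keytype:          # the blob itself names the algorithm
        raise ValueError("key type field does not match encoded blob")
    if keytype == "ssh-rsa":              # mpint e, mpint n: size is |n|
        _, pos = _read_string(blob, pos)
        n, _ = _read_string(blob, pos)
        bits = int.from_bytes(n, "big").bit_length()
    elif keytype == "ssh-dss":            # mpint p, q, g, y: size is |p|
        p, _ = _read_string(blob, pos)
        bits = int.from_bytes(p, "big").bit_length()
    elif keytype.startswith("ecdsa-"):    # string curve name, string point Q
        curve, _ = _read_string(blob, pos)
        bits = int(curve.decode()[len("nistp"):])
    else:                                 # ssh-ed25519: string with 32-byte point
        pk, _ = _read_string(blob, pos)
        bits = len(pk) * 8
    fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": keytype, "bits": bits, "fingerprint": "SHA256:" + fp,
            "comment": comment}


def assess(info):
    """Verdict for one parsed key, following the post's recommendations."""
    keytype, bits = info["type"], info["bits"]
    if keytype == "ssh-dss":
        return "reject: ssh-dss (1024-bit DSA, off by default since OpenSSH 7.0)"
    if keytype == "ssh-rsa":
        if bits < MIN_RSA_BITS:
            return "reject: RSA %d bits < %d" % (bits, MIN_RSA_BITS)
        return "ok: RSA %d bits" % bits
    if keytype.startswith("ecdsa-"):
        return "discouraged: %s (prefer Ed25519)" % keytype
    return "ok: Ed25519"


def make_line(keytype, parts, comment, options=""):
    """Assemble a public-key line from wire-format parts (for constructed samples)."""
    blob = _ssh_string(keytype.encode()) + b"".join(parts)
    prefix = options + " " if options else ""
    return "%s%s %s %s" % (prefix, keytype, base64.b64encode(blob).decode(), comment)


# Constructed samples: realistic sizes, but NOT real keys (the RSA/DSA
# moduli are simply numbers of the right bit length).
SAMPLE_LINES = [
    make_line("ssh-ed25519", [_ssh_string(b"\x11" * 32)], "alice@laptop"),
    make_line("ssh-rsa", [_mpint(65537), _mpint((1 << 4095) | 1)], "bob@build"),
    make_line("ssh-rsa", [_mpint(65537), _mpint((1 << 1023) | 1)], "legacy@nas",
              options="no-pty,no-agent-forwarding"),
    make_line("ssh-dss", [_mpint((1 << 1023) | 1), _mpint((1 << 159) | 1),
                          _mpint(2), _mpint(3)], "old@tutorial"),
    make_line("ecdsa-sha2-nistp256", [_ssh_string(b"nistp256"),
                                      _ssh_string(b"\x04" + b"\x01" * 64)], "carol@ci"),
]


def audit(lines):
    """Return [(comment, type, bits, verdict)] for every key line, skipping
    blank lines and comments as sshd does."""
    results = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        info = parse_public_key(line)
        results.append((info["comment"], info["type"], info["bits"], assess(info)))
    return results


if __name__ == "__main__":
    for comment, keytype, bits, verdict in audit(SAMPLE_LINES):
        print("%-13s %-20s %5d  %s" % (comment, keytype, bits, verdict))
```

To try it on real keys, generate a few with ssh-keygen (for example ssh-keygen -t ed25519 and ssh-keygen -t rsa -b 4096), feed the resulting .pub files or a server's authorized_keys file to audit(), and compare the fingerprints with ssh-keygen -l -f on the same files; the reported RSA size is the modulus length, which is what the -b option sets.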
I hope this information is helpful. I did not go into a lot of detail. This post is intended as an overview to help you in choosing the key type that is right for you.
If you have suggestions, contact me on Twitter @rogercreasy.
If you like this post and find it helpful, please share it.