[Bug 278825] ssh-keygen: default type of key is changed to ed25519 with 15-CURRENT but is still rsa with 13-STABLE and 14-STABLE

2024-05-08 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278825

Yasuhiro Kimura  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |Not A Bug
             Status|New                         |Closed

--- Comment #2 from Yasuhiro Kimura  ---
(In reply to Ed Maste from comment #1)

Thanks for the explanation. I understand it is intentional that base c9315099f69e
isn't merged to the stable branches.

-- 
You are receiving this mail because:
You are the assignee for the bug.


[Bug 278825] ssh-keygen: default type of key is changed to ed25519 with 15-CURRENT but is still rsa with 13-STABLE and 14-STABLE

2024-05-07 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278825

--- Comment #1 from Ed Maste  ---
Support for ed25519 keys may not be sufficiently widespread yet (among ssh
servers that users need to connect to); my intent is to make incremental
improvement in main (choosing better algorithms by default and deprecating old
ones) while avoiding surprises or regressions for users of stable branches and
releases.

If/when we're confident that ed25519 support is sufficiently common this can be
merged to the stable branches.



[Bug 278825] ssh-keygen: default type of key is changed to ed25519 with 15-CURRENT but is still rsa with 13-STABLE and 14-STABLE

2024-05-06 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278825

    Bug ID: 278825
   Summary: ssh-keygen: default type of key is changed to ed25519
            with 15-CURRENT but is still rsa with 13-STABLE and
            14-STABLE
   Product: Base System
   Version: Unspecified
  Hardware: Any
        OS: Any
    Status: New
  Severity: Affects Some People
  Priority: ---
 Component: bin
  Assignee: b...@freebsd.org
  Reporter: y...@freebsd.org
        CC: ema...@freebsd.org

There are the following sentences in the commit message of base edf8578117e8.

--
 * ssh-keygen(1): generate Ed25519 keys by default.
   [NOTE: This change was already merged into FreeBSD.]
--

The commit is merged to stable/13 as base 221a6bc397ad and to stable/14 as base
b24ca3caa752. So the default should be ed25519 with the latest of all these
branches. And I checked it.

On the latest 15-CURRENT, ssh-keygen tries to create an ed25519 key pair, as
expected.

--
yasu@rolling-vm-freebsd1[1014]% uname -v
FreeBSD 15.0-CURRENT #0 main-n269883-12117d0e9314: Sat May  4 00:49:39 JST 2024 ro...@rolling-vm-freebsd1.home.utahime.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
yasu@rolling-vm-freebsd1[1014]% ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/yasu/.ssh/id_ed25519): ^C
yasu@rolling-vm-freebsd1[1015]% 
--

On the latest 13-STABLE and 14-STABLE, however, it tries to create an rsa key pair.

--
yasu@rolling-vm-freebsd4[1002]% uname -v
FreeBSD 13.3-STABLE stable/13-n257830-825cb4c850f2 GENERIC
yasu@rolling-vm-freebsd4[1003]% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yasu/.ssh/id_rsa): ^C
yasu@rolling-vm-freebsd4[1004]%
--

--
yasu@rolling-vm-freebsd5[1002]% uname -v
FreeBSD 14.1-PRERELEASE #0 stable/14-n267586-19e335596658: Thu May  2 20:41:56 UTC 2024 r...@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
yasu@rolling-vm-freebsd5[1003]% ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yasu/.ssh/id_rsa): ^C
yasu@rolling-vm-freebsd5[1004]%
--

I checked the commit log of the main branch and found that the following change
was committed before base edf8578117e8.

--
commit c9315099f69e
Author:     Ed Maste 
AuthorDate: Thu Sep 7 12:32:39 2023 -0400
Commit:     Ed Maste 
CommitDate: Thu Sep 7 13:34:21 2023 -0400

    ssh-keygen: Generate Ed25519 keys when invoked without arguments

    Ed25519 keys are convenient because they're much smaller, and the next
    OpenSSH release (9.5) will switch to them by default.  Apply the change
    to FreeBSD main now, to help identify issues as early as possible.

    Reviewed by:    kevans, karels, des
    Relnotes:       Yes
    Obtained from:  OpenBSD 9de458a24986
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D41773
--

But there isn't a corresponding commit in either stable/13 or stable/14. So it
seems the default type of key is still rsa with 13-STABLE and 14-STABLE because
merging the above commit to them was forgotten.

Cc-ing committer of base c9315099f69e.

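
The check from the report above, done non-interactively so it can run in provisioning or CI; this is an added example, not part of the original bug thread. The function names are hypothetical, and it assumes ssh-keygen is on PATH and uses only its existing -q, -N and -f options.

```shell
#!/bin/sh
# Added example (not from the bug thread): detect which key type the local
# ssh-keygen generates when no -t option is given.

# Map the algorithm field of a .pub line to the name ssh-keygen -t accepts.
pubkey_line_type() {
    algo=${1%% *}                      # first space-separated field
    case "$algo" in
        ssh-ed25519)  echo ed25519 ;;
        ssh-rsa)      echo rsa ;;
        ecdsa-sha2-*) echo ecdsa ;;
        ssh-dss)      echo dsa ;;
        *)            echo unknown; return 1 ;;
    esac
}

# Generate a throwaway key pair with the built-in default and print its type.
default_keytype() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    tmp=$(mktemp -d) || return 2
    rc=0
    # No -t here on purpose. -q: quiet, -N '': empty passphrase,
    # -f: output path, which also suppresses the interactive file prompt.
    if ssh-keygen -q -N '' -f "$tmp/probe" </dev/null >/dev/null 2>&1; then
        pubkey_line_type "$(cat "$tmp/probe.pub")" || rc=$?
    else
        rc=2
    fi
    rm -rf "$tmp"                      # discard the probe key pair
    return "$rc"
}

# Return 0 if the default matches $1, 1 on mismatch, 2 if it cannot be probed.
check_default_keytype() {
    expected=$1
    actual=$(default_keytype) || return 2
    if [ "$actual" != "$expected" ]; then
        echo "ssh-keygen default is $actual, expected $expected" >&2
        return 1
    fi
}

# Usage: check_default_keytype ed25519 || echo "pass -t explicitly on this host"
```

Scripts that must produce the same key type on 13-STABLE, 14-STABLE and 15-CURRENT should pass -t explicitly rather than depend on the default.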