Hi So. Bottom line: can we use RSA, ED25519 or ED25519-SK? Some of us (me, at a minimum; sorry) do not have all the time to RTFM for the latest and greatest encryption. If ssh-keygen works with any of the schemes above, please let me know, and also post a note on the main website. All the best Marco On Tue, Mar 11, 2025 at 8:29 PM Georgiy Tugai <georgiy@tugai.id.au> wrote:
On 11/03/2025 19:25, David Cooper wrote:
Marco (and anyone else with ssh access): You may need an updated ssh keypair which is stronger or more modern - whatever is needed by default by current latest debian bookworm.
If your logins are still not working apparently because of invalid key type, please send me a new public key which uses a current encryption method such as e.g. ed25519 and I will add to your .ssh/authorized_keys.
Dave Cooper
It's actually a bit more strict than default debian bookworm; I applied the server config recommendations from https://github.com/jtesta/ssh-audit, see /etc/ssh/sshd_config.d/local.conf
This means you can't use ECDSA keys (RSA, ED25519 or ED25519-SK are all OK) and must use sufficiently modern ciphers, MAC and key-exchange algorithms.
Georgiy
-- Marco Antoniotti, Professor, Director tel. +39 - 02 64 48 79 01 DISCo, University of Milan-Bicocca U14 2043 http://dcb.disco.unimib.it Viale Sarca 336 I-20126 Milan (MI) ITALY CSCE 2025 - csce.lakecomoschool.org