Hi

So.  Bottom line: can we use RSA, ED25519 or ED25519-SK?  Some of us (me, at a minimum; sorry) do not have all the time to RTFM for the latest and greatest encryption.  If ssh-keygen works with any of the schemes above, please let me know, and also post a note on the main website.

All the best

Marco




On Tue, Mar 11, 2025 at 8:29 PM Georgiy Tugai <georgiy@tugai.id.au> wrote:
On 11/03/2025 19:25, David Cooper wrote:

Marco (and anyone else with ssh access): You may need an updated ssh keypair which is stronger or more modern - whatever is needed by default by current latest Debian bookworm.

If your logins are still not working apparently because of invalid key type, please send me a new public key which uses a current encryption method such as e.g. ed25519 and I will add to your .ssh/authorized_keys.


Dave Cooper

It's actually a bit more strict than default Debian bookworm; I applied the server config recommendations from https://github.com/jtesta/ssh-audit, see /etc/ssh/sshd_config.d/local.conf

This means you can't use ECDSA keys (RSA, ED25519 or ED25519-SK are all OK) and must use sufficiently modern ciphers, MAC and key-exchange algorithms.

Georgiy



--
Marco Antoniotti, Professor, Director         tel. +39 - 02 64 48 79 01
DISCo, University of Milan-Bicocca U14 2043   http://dcb.disco.unimib.it
Viale Sarca 336
I-20126 Milan (MI) ITALY

CSCE 2025 - csce.lakecomoschool.org
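
Added example, not part of the original thread and not the server's own tooling: a check an administrator could run on a submitted public key line before adding it to .ssh/authorized_keys, accepting only the key types the thread lists (RSA, ED25519, ED25519-SK) and rejecting ECDSA. It assumes lines in "type base64 [comment]" form without authorized_keys options; the function names and the zero-filled sample keys are constructed for illustration.

```python
import base64
import struct

# Key types the thread lists as accepted (RSA, ED25519, ED25519-SK), as OpenSSH type names.
ACCEPTED = {"ssh-rsa", "ssh-ed25519", "sk-ssh-ed25519@openssh.com"}


def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def check_pubkey_line(line):
    """Return (accepted, reason) for one 'type base64 [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2:
        return False, "malformed line"
    declared, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return False, "bad base64"
    if len(blob) < 4:
        return False, "truncated blob"
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        return False, "truncated blob"
    embedded = blob[4:4 + n].decode("ascii", "replace")
    # The blob's own type field must agree with the text prefix.
    if embedded != declared:
        return False, "type mismatch: %s vs %s" % (declared, embedded)
    if declared not in ACCEPTED:
        return False, "%s not accepted" % declared
    return True, declared


def make_line(key_type, body, declared=None):
    """Build a constructed sample line (zero-filled key material, not a real key)."""
    blob = base64.b64encode(ssh_string(key_type.encode()) + body).decode()
    return "%s %s constructed@example" % (declared or key_type, blob)


ED_LINE = make_line("ssh-ed25519", ssh_string(bytes(32)))
ECDSA_BODY = ssh_string(b"nistp256") + ssh_string(bytes(65))
ECDSA_LINE = make_line("ecdsa-sha2-nistp256", ECDSA_BODY)
MISLABELLED = make_line("ecdsa-sha2-nistp256", ECDSA_BODY, declared="ssh-ed25519")

if __name__ == "__main__":
    for sample in (ED_LINE, ECDSA_LINE, MISLABELLED):
        print(check_pubkey_line(sample))
```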