Present Location: News >> Blog >> OpenSSH 7.x and Keys


> OpenSSH 7.x and Keys
Posted by prox, from York, on December 26, 2015 at 13:22 local (server) time

OpenSSH 7.0 was released a few months ago and deprecated both the ssh-dss and ssh-rsa keys used for SSHv2 public key authentication.  I haven't found a definitive source stating why these key types were deprecated other than some issue with entropy (doesn't make sense to me because that sounds like a machine-specific problem).  I, unfortunately, still use these keys quite a bit and it's not feasible to completely convert to one of the newer key types.

OpenSSH 7.0 appeared in FreeBSD ports pretty quickly and recently made its way into Debian testing (stretch).

So, what are the newer key types supported?  From what I can tell, it's just ecdsa and ed25519 for SSHv2.  From the OpenSSH 6.2 ssh-keygen(1) manpage:

     -t type
             Specifies the type of key to create.  The possible values are
             ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa''
             for protocol version 2.

From the OpenSSH 7.1 ssh-keygen(1) manpage:

     -t dsa | ecdsa | ed25519 | rsa | rsa1
             Specifies the type of key to create.  The possible values are
             "rsa1" for protocol version 1 and "dsa", "ecdsa", "ed25519", or
             "rsa" for protocol version 2.

Even though dsa and rsa keys are still listed above in the 7.1 man page as being capable of created, they're not accepted by default anymore by ssh or sshd:

debug1: Next authentication method: publickey
debug1: Skipping ssh-dss key /home/prox/.ssh/id_dsa for not in PubkeyAcceptedKeyTypes

(if you're wondering, and I was too, DSS is a document that describes the creation of DSA keys as answered here)

Running ssh -Q key will also dump the list of keys acceptable by ssh:

(nox:11:46:CST)% ssh -Q key

The solution seems obvious, just throw out the old keys and use an ecdsa key, right?  Sure, that'll work for OpenSSH versions that support it.  However, sometimes I have to log into a few legacy boxes that only support RSA and DSA keys (Solaris, IRIX, random network devices, etc. - I've got some old stuff!).

What about keeping around the old keys?  Sure, we can use PubkeyAcceptedKeyTypes in sshd_config and ssh_config like this:

PubkeyAcceptedKeyTypes ssh-dss,ssh-rsa

The only problem is that this option only exists in 7.0 and above.  I use a common ~/.ssh/ssh_config for all of my systems and OpenSSH 6.x barfs on that line.

What's the solution?  Well, one is to not upgrade to OpenSSH 7.0, but that's just delaying the inevitable.  My solution may just be to use two keys, one for modern systems and one for very old systems that don't support ecdsa or ed25519.  Regardless, it's pretty annoying, but security always is, right?

Update 20151229: This page highlights some of these differences and workarounds, too.

> Add Comment

New comments are currently disabled for this entry.