Using ssh key-type ed25519 as standard type when generating a new key?

1.6k Views

Is it possible to set key-type ed25519 as default in /etc/ssh/config or .ssh/config for ssh-keygen, so that it generates these key-types as a default?

I looked at man ssh-keygen and the documentation of ssh-config, to no avail.

3

There are 3 best solutions below

1
planB On

You should be able to do this by putting this in your .ssh/config:

IdentityFile ~/.ssh/id_ed25519

0
Thomas On

There is no configuration option for this.

Taking a look at the source code for ssh-keygen reveals that -t assigns a value to key_type_name, which if omitted is assigned the value of DEFAULT_KEY_TYPE_NAME. That one is defined conditionally as "rsa" if WITH_OPENSSL is defined, and as "ed25519" otherwise.

Since OpenSSH is built with OpenSSL on nearly all distributions, the default is rsa. To change the default, you'd need to build OpenSSH from source and change the default before compiling.

(Using ./configure --without-openssl would also work, but this is marked as experimental and only gives you a limited subset of crypto algorithms.)

0
VonC On

Is it possible to set key-type ed25519 as default in /etc/ssh/config or .ssh/config for ssh-keygen, so that it generates these key-types as a default?

You won't have to do anything... besides upgrading OpenSSH.

OpenSSH 9.5 (2023-10-04) includes ssh-keygen(1), which now generates Ed25519 keys by default.

Ed25519 public keys are very convenient due to their small size. Ed25519 keys are specified in RFC 8709 and OpenSSH has supported them since version 6.5 (January 2014).
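Putting Thomas's and VonC's answers together: on builds older than 9.5 there is no config knob, so the practical way to get an Ed25519 default is a shell wrapper that adds `-t ed25519` only when the caller gave no `-t` and the installed OpenSSH still defaults to RSA. This is an added example, not code from any of the answers; the function names and the banner strings in the comments are my own.

```sh
#!/bin/sh
# Added example: emulate an ed25519 default for ssh-keygen on OpenSSH < 9.5.

# Parse the "OpenSSH_X.Y..." banner (what `ssh -V 2>&1` prints) and succeed
# when X.Y >= 9.5, i.e. when ssh-keygen already defaults to Ed25519.
openssh_defaults_ed25519() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9]*\)\.\([0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1          # unrecognised banner: assume old default
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 5 ]; }
}

# Succeed if the caller already chose a key type with -t (either "-t rsa" or
# the fused getopt form "-trsa"); in that case the wrapper must not interfere.
has_type_flag() {
    for arg in "$@"; do
        case "$arg" in
            -t|-t?*) return 0 ;;
        esac
    done
    return 1
}

# Drop-in replacement for ssh-keygen: identical behaviour when the user picks a
# type or when the installed build is 9.5+, otherwise prepend "-t ed25519".
ssh_keygen_ed25519() {
    if has_type_flag "$@" || openssh_defaults_ed25519 "$(ssh -V 2>&1)"; then
        ssh-keygen "$@"
    else
        ssh-keygen -t ed25519 "$@"
    fi
}
```

Source the file from your shell profile and call `ssh_keygen_ed25519 -C "work laptop"` (or alias `ssh-keygen` to it); `ssh -V` writes its banner to stderr, hence the `2>&1`.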