From 9de458a249861bdbf58a06850a7b9f6acef6b456 Mon Sep 17 00:00:00 2001
From: job
Date: Mon, 4 Sep 2023 10:29:58 +0000
Subject: [PATCH] Generate Ed25519 keys when invoked without arguments

Ed25519 public keys are very convenient due to their small size. OpenSSH has supported Ed25519 since version 6.5 (January 2014).

OK djm@ markus@ sthen@ deraadt@
---
 usr.bin/ssh/ssh-keygen.1 | 6 +++---
 usr.bin/ssh/ssh-keygen.c | 10 +++-------
 2 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index c760f91be14..c392141ea12 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.229 2023/07/23 20:04:45 naddy Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.230 2023/09/04 10:29:58 job Exp $
 .\"
 .\" Author: Tatu Ylonen
 .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 23 2023 $
+.Dd $Mdocdate: September 4 2023 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -185,7 +185,7 @@ The type of key to be generated is specified with the
 option.
 If invoked without any arguments,
 .Nm
-will generate an RSA key.
+will generate an Ed25519 key.
 .Pp
 .Nm
 is also used to generate groups for use in Diffie-Hellman group
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 7d7a78c5466..56a11a6dd13 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.470 2023/07/17 04:01:10 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.471 2023/09/04 10:29:58 job Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -61,11 +61,7 @@
 #include "ssh-pkcs11.h"
 #endif
 
-#ifdef WITH_OPENSSL
-# define DEFAULT_KEY_TYPE_NAME "rsa"
-#else
-# define DEFAULT_KEY_TYPE_NAME "ed25519"
-#endif
+#define DEFAULT_KEY_TYPE_NAME "ed25519"
 
 /*
 * Default number of bits in the RSA, DSA and ECDSA keys. These value can be
@@ -252,7 +248,7 @@ ask_filename(struct passwd *pw, const char *prompt)
 char *name = NULL;
 
 if (key_type_name == NULL)
- name = _PATH_SSH_CLIENT_ID_RSA;
+ name = _PATH_SSH_CLIENT_ID_ED25519;
 else {
 switch (sshkey_type_from_name(key_type_name)) {
 case KEY_DSA_CERT:
--
2.20.1
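Review bot: The new `#define DEFAULT_KEY_TYPE_NAME "ed25519"` carries no comment on what happens to a `-b` value given without `-t`, and the context comment just below it still speaks only of RSA, DSA and ECDSA bit counts. A caller that relied on `ssh-keygen -b 4096` to get a large RSA key presumably now gets a fixed-size Ed25519 key with the size request not applied; that handling sits outside this hunk and should be confirmed. I would add above the macro `/* Key type when -t is not given. Ed25519 has a fixed size, so -b only matters with an explicit -t. */`. The manual could also say that provisioning scripts which need RSA (for peers older than the OpenSSH 6.5 named in the commit message) must now pass `-t rsa`.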
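Review bot: The `key_type_name == NULL` branch in ask_filename() names `_PATH_SSH_CLIENT_ID_ED25519` directly, so the default key type is recorded in two places, here and in `DEFAULT_KEY_TYPE_NAME`. The removed lines show the two could already disagree: a build without WITH_OPENSSL defaulted to "ed25519" while this branch still offered the RSA path. A short comment on the branch, `/* must match DEFAULT_KEY_TYPE_NAME */`, would keep a later change of default from leaving the prompt pointing at a different file than the key type generated. ask_filename() starts and ends outside the hunk, so whether key_type_name can actually be NULL when it is called is not visible here.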