FreeBSD 9.0 - ssh switched to ecdsa

I

ikevinjp

I have recently installed FreeBSD 9.0 (remotely in my data center using a remote console). After installation - as always - I would simply do a [cmd=]ssh 127.0.0.1[/cmd] to mark down the ssh key. Then when I tried to ssh the remote machine from my local Mac, I saw that the keys are different. On closer examination, the FreeBSD machine defaults to 'ecdsa' while my Mac is using 'rsa'. (By using ssh-keygen -l -f /etc/ssh/path_to_rsa_key on the FreeBSD machine, it does verify that the rsa key is correct and the same as the one shown on my Mac - so there's no man-in-the-middle attack.)

What is the reason for the switch? Is 'ecdsa' more secure or better?
 
The notes from OpenSSH 5.7:
Code: 
 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
   and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
   offer better performance than plain DH and DSA at the same equivalent
   symmetric key length, as well as much shorter keys.
http://openbsd.das.ufsc.br/openssh/txt/release-5.7
 
You must log in or register to reply here.
Back
Top