paulgorman.org


Fri Jan 23 09:28:34 EST 2015

Slept pretty well. Woke up a couple of minutes before my alarm clock went off.

Goals:

Work:

- Department review of 2015 IT plan
  Done. I need to make a few revisions today for the management meeting on Monday.
- Work on remote worker VPN
  Didn't have time. I ended up spending a *lot* of time today walking the bank through sftp setup on their end.

Home:

- Write some C
  No.
- Clean, a bit.
  A tiny bit of tidying, but I'll have to spend some time tomorrow.

I did get my key map sorted. I had to resort to xmodmap.

Questions:

- When establishing an ssh connection, what determines which standard is used (rsa, ecdsa, ed25519)? Which is best?

  It looks like ecdsa and ed25519 are both theoretically better than rsa, but ecdsa arouses suspicion in some quarters because the randomness it relies on was developed by NIST and may possibly have been weakened by the NSA. Everyone seems to agree that ed25519 is best (secure and fast), but it's not universally supported at this time. None of them are known to be insecure.

  Looking at my `known_hosts` file, the keys seem to be split between ecdsa and rsa; I don't see any ed25519. It looks like many of the boxes in question support ed25519, so I wonder why none use it.

  ssh with the -vvv flag is interesting:

      debug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521

  It looks like the client tells the server which algorithms it supports in order of descending preference.
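The two things the entry does by hand, tallying key types in `known_hosts` and reading the client's preference list out of the debug output, as an added shell example that is not part of the original entry. The `count_key_types` function tallies the key type field of each `known_hosts` line, including hashed hostnames and `@cert-authority`/`@revoked` marker lines; `negotiate_hostkey` applies the rule from RFC 4253 section 7.1, where the chosen host key algorithm is the first entry in the client's list that the server also supports. The sample `known_hosts` content and the server's offered list are constructed, and the key blobs are placeholders, not real key material. One detail worth knowing when reading that `order_hostkeyalgs` line: OpenSSH moves algorithms for which `known_hosts` already holds a key for that host to the front of the client's list, so a host first recorded with an ecdsa key keeps ecdsa preferred on later connections.

```shell
#!/bin/sh
# Added example, not code from the original journal entry.
#   count_key_types   - tally the key types recorded in a known_hosts file
#   negotiate_hostkey - pick the host key algorithm the way RFC 4253 s7.1 does:
#                       the first entry of the client's preference list that the
#                       server also supports
# The sample known_hosts below is constructed; key blobs are placeholders.

# known_hosts line: [@marker] hostnames keytype base64-key [comment]
# A hashed hostname ("|1|salt|hash") is still a single first field, so the key
# type stays in field 2; marker lines (@cert-authority, @revoked) shift it to 3.
count_key_types() {
    awk '
        /^[[:space:]]*#/ || NF < 3 { next }        # skip comments and blank lines
        { t = ($1 ~ /^@/) ? $3 : $2; n[t]++ }
        END { for (t in n) print t, n[t] }
    ' "$1" | sort
}

# $1: client preference list, $2: server-supported list (comma-separated).
# Prints the negotiated algorithm and returns 0; returns 1 if nothing matches.
negotiate_hostkey() {
    client=$1
    server=$2
    old_ifs=$IFS
    IFS=,
    for alg in $client; do
        case ",$server," in
            *",$alg,"*) IFS=$old_ifs; printf '%s\n' "$alg"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample known_hosts (placeholder keys, not real material).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# a comment line
host1.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY=PLACEHOLDER
host2.example.com ssh-rsa AAAAB3NzaC1yc2E=PLACEHOLDER
|1|HASHEDSALT=|HASHEDHOST= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY=PLACEHOLDER
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5=PLACEHOLDER
EOF
count_key_types "$sample"
rm -f "$sample"

# Client list in the order the journal's debug3 line shows (certificate
# variants omitted) with ed25519 and rsa after it; the server's offered list is
# constructed. The ecdsa entries win only if the server offers one of them.
negotiate_hostkey \
    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa" \
    "ssh-rsa,ssh-ed25519"
```

Run it as `sh script.sh`; to tally a real file, call `count_key_types ~/.ssh/known_hosts`. Because the client's list order decides the outcome, a client that wants ed25519 chosen wherever the server offers it has to put `ssh-ed25519` ahead of the ecdsa entries in that list, which is what the `HostKeyAlgorithms` option in `ssh_config` controls.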
