search

nickthecook / ops

The operations team for your project.
GNU General Public License v3.0
50 stars 1 forks source link

sshkey: Update Security Settings #63

Closed tryton-vanmeer closed 3 years ago

tryton-vanmeer commented 3 years ago

ops currently uses RSA with a key size of 2048. For best security, that key size should be increased to 3072 or 4096.

Even better, the algorithm could be switched to Ed25519.

Ed25519 requires a minimum of OpenSSH 6.5 (January 2014), and all supported OSs provide a newer version.

Some more info on Ed25519 https://ed25519.cr.yp.to/index.html

nickthecook commented 3 years ago

Fixed in v1.7.0. Docs are updated.

Changes in this release:

Previously, the user could configure the key size but not the key algorithm.

Using key_size with an algorithm of ed25519 won't change the key size since all ED25519 keys are 256b.