Which one is more secure?

SSH uses public/private key pairs, so id_rsa is your RSA private key (based on prime numbers), which is more secure than your id_dsa DSA private key (based on exponents). Keep your private keys safe and share your id_rsa.pub and id_dsa.pub public keys widely.

RSA is considered more secure.

However (May 2020, ten years later), according to Julio's report on OpenSSH 8.2, this is no longer the case.

(See Leurent, G and Peyrin, T (2020), "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust", link.)

Future deprecation notice

It is now possible to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD 50,000.
For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release.
This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

The better alternatives include:

The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These algorithms have the advantage of using the same key type as "ssh-rsa", but use the safe SHA-2 hash algorithms. These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.

The ssh-ed25519 signature algorithm. It has been supported in OpenSSH since release 6.5.

The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key algorithm for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list:

ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms. Users may consider enabling this option manually.

UpdateHostKeys (see this link).

Any form of RSA is more secure than any form of DSA, although nowadays you should prefer ed25519; see my answer for a detailed explanation.

Yes, RSA is considered more secure.

In October 2014, OpenSSH 7 (the default version on Ubuntu 16.04 LTS) disabled default support for DSA. This shows that DSA is no longer the recommended method.

https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html
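The ssh -oHostKeyAlgorithms check quoted above tells you what a live server negotiates; a complementary offline check is to classify the key types already sitting in your authorized_keys or known_hosts files. The following is an added example, not code from any answer on this page: a parser for the OpenSSH public key line format that reads the type field embedded in the base64 blob, reports the key size, and flags ssh-dss (DSA) entries. The sample entries are constructed filler rather than real keys, and the 2048-bit RSA threshold is my assumption of common practice, not something the answers state.

```python
import base64
import struct

def wire_string(data: bytes) -> bytes:
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data
def mpint(value: int) -> bytes:
    """RFC 4251 'mpint': big-endian two's complement; a leading 0x00 is added when the top bit is set."""
    return wire_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))
def read_string(blob: bytes, off: int):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_pubkey(line: str):
    """Classify one authorized_keys / known_hosts entry: (key type, size in bits or None, verdict)."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    embedded, off = read_string(blob, 0)
    if embedded != key_type.encode():  # the blob carries its own type field; it must match the label
        raise ValueError(f"type mismatch: label {key_type}, blob {embedded!r}")
    bits = None
    if key_type == "ssh-rsa":
        _e, off = read_string(blob, off)  # public exponent, not needed for sizing
        n, _ = read_string(blob, off)     # modulus; its bit length is the RSA key size
        bits = int.from_bytes(n, "big").bit_length()
        verdict = "short RSA modulus" if bits < 2048 else "ok: use rsa-sha2-256/512 signatures (SHA-1 ssh-rsa signing is deprecated)"
    elif key_type == "ssh-dss":
        p, _ = read_string(blob, off)     # DSA key size is the size of the prime p
        bits = int.from_bytes(p, "big").bit_length()
        verdict = "weak: DSA, disabled by default since OpenSSH 7"
    elif key_type == "ssh-ed25519":
        verdict = "recommended"
    elif key_type.startswith("ecdsa-sha2-nistp"):
        bits = int(key_type[len("ecdsa-sha2-nistp"):])
        verdict = "ok: RFC 5656 ECDSA"
    else:
        verdict = "unknown key type"
    return key_type, bits, verdict

# Constructed sample entries in authorized_keys format (filler values, not valid keys).
def _entry(key_type: str, *fields: bytes) -> str:
    blob = wire_string(key_type.encode()) + b"".join(fields)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"
SAMPLE_KEYS = [
    _entry("ssh-ed25519", wire_string(b"\x11" * 32)),
    _entry("ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)),
    _entry("ssh-rsa", mpint(65537), mpint((1 << 1023) | 1)),
    _entry("ssh-dss", mpint((1 << 1023) | 1), mpint((1 << 159) | 1), mpint(2), mpint(3)),
    _entry("ecdsa-sha2-nistp256", wire_string(b"nistp256"), wire_string(b"\x04" + b"\x22" * 64)),
]
```

Run it over each line of a real authorized_keys file with `audit_pubkey(line)` to find DSA entries that OpenSSH 7 and later will refuse by default.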