
re: Why and How: Switch from RSA to ECDSA SSH keys

re: Interesting insight, thanks for sharing. Really sad to hear that especially AWS is only supporting RSA for their machines. They are in the positio...

Couple reasons I can think of:
1) They use the key for more than just Linux instances: Windows EC2s' initial administrator password is derived from the uploaded SSH key. Since you can't even use a passworded key for such, it's unlikely they want to inject logic to handle arbitrary algorithms
2) They're likely of the view "why invest in improving something people really shouldn't be using in the first place."
3) If you are allowing logins to interactive shells on your instance, you're far better off using a key-management system than limiting yourself to one SSH key and one user-account

But, again, we're talking RSAv2 vice RSAv1. RSAv2 isn't exactly what you'd typically classify as "inherently weak" (there's a reason that appropriately-generated RSAv2 keys are still usable on systems that are compliant with FIPS-140-2)
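
Point 1 above, as an added example that is not part of the original thread or of any AWS tooling: the Windows EC2 password handoff only works with RSA because AWS hands back the administrator password encrypted to the key pair's RSA public key (PKCS#1 v1.5 padding, the same thing `openssl rsautl -decrypt` undoes), and the holder of the private key decrypts it locally, which is what `aws ec2 get-password-data --priv-launch-key` does for you. The script below simulates both sides offline with a constructed password and throwaway keys, then shows why an ECDSA key pair cannot take part: an EC key has no encryption operation at all, so there is nothing to encrypt the password to.

```sh
#!/bin/sh
# Added example, not code from the thread or from AWS. Simulates the Windows
# EC2 password handoff offline: the "AWS side" encrypts a constructed password
# to an RSA public key (PKCS#1 v1.5), the "administrator side" decrypts it with
# the private key. Key file names and the password are constructed here.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for the key pair uploaded to EC2 (PKCS#8 private key + SPKI public key).
make_rsa_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/rsa.pem" 2>/dev/null
    openssl pkey -in "$WORK/rsa.pem" -pubout -out "$WORK/rsa.pub" 2>/dev/null
}

# AWS side: encrypt the generated password to the public key and return it
# base64-encoded on one line (the PasswordData field of get-password-data).
encrypt_password_data() {
    printf '%s' "$1" \
        | openssl pkeyutl -encrypt -pubin -inkey "$WORK/rsa.pub" -pkeyopt rsa_padding_mode:pkcs1 \
        | openssl base64 -A
}

# Administrator side: decode PasswordData and decrypt it with the private key
# (the equivalent of passing --priv-launch-key to aws ec2 get-password-data).
decrypt_password_data() {
    printf '%s' "$1" \
        | openssl base64 -d -A \
        | openssl pkeyutl -decrypt -inkey "$WORK/rsa.pem" -pkeyopt rsa_padding_mode:pkcs1
}

# Why an ECDSA key pair cannot be used for this step: EC keys support
# signing and key agreement, not encryption, so pkeyutl refuses.
# Returns 0 when encryption is refused (the expected outcome), 1 otherwise.
ec_key_cannot_encrypt() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$WORK/ec.pem" 2>/dev/null
    openssl pkey -in "$WORK/ec.pem" -pubout -out "$WORK/ec.pub" 2>/dev/null
    if printf 'x' | openssl pkeyutl -encrypt -pubin -inkey "$WORK/ec.pub" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Stand-alone demonstration with a constructed password.
make_rsa_keypair
PASSWORD_DATA=$(encrypt_password_data 'Constructed-P@ssw0rd')
printf 'PasswordData: %s\n' "$PASSWORD_DATA"
printf 'Decrypted:    %s\n' "$(decrypt_password_data "$PASSWORD_DATA")"
if ec_key_cannot_encrypt; then
    echo 'EC key: encryption refused, as expected'
fi
```

Against a real instance, `aws ec2 get-password-data --instance-id <id> --query PasswordData --output text` produces the base64 blob that `decrypt_password_data` expects, and the private half of the key pair the instance was launched with takes the place of `rsa.pem`; nothing in the handoff needs an SSH connection, which is why the key's only requirement is that it be an RSA key you can decrypt with.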
