Discussion on: Why and How: Switch from RSA to ECDSA SSH keys

Thomas H Jones II

Couple reasons I can think of:
1) They use the key for more than just Linux instances: Windows EC2s' initial administrator password is derived from the uploaded SSH key. Since you can't even use a passworded key for such, it's unlikely they want to inject logic to handle arbitrary algorithms.
2) They're likely of the view "why invest in improving something people really shouldn't be using in the first place."
3) If you are allowing logins to interactive shells on your instance, you're far better off using a key-management system than limiting yourself to one SSH key and one user-account

But, again, we're talking RSAv2 vice RSAv1. RSAv2 isn't exactly what you'd typically classify as "inherently weak" (there's a reason that appropriately-generated RSAv2 keys are still usable on systems that are compliant with FIPS-140-2)
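Added example, not part of the comment above or of any AWS code: a local openssl simulation of the Windows password flow from point 1. AWS documents that the Administrator password returned by `get-password-data` is encrypted to the launch key pair's public key and decrypted with the private key; the PKCS#1 v1.5 padding, the file names and the password are assumptions/constructed values here. The last function shows why an ECDSA key pair cannot fill that role: an EC key has no encryption operation.

```shell
#!/bin/sh
# Constructed stand-in for the EC2 Windows password flow; not AWS's code.
# Assumes openssl is on PATH. Key file names and the password are made up.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. The key pair the user uploads or creates for the instance (RSA, like EC2 key pairs).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
  -out "$WORK/launch.pem" 2>/dev/null
openssl pkey -in "$WORK/launch.pem" -pubout -out "$WORK/launch.pub.pem"

# 2. "Instance side": the generated Administrator password is encrypted with the
#    key pair's public key (PKCS#1 v1.5 assumed, openssl's default for RSA) and
#    base64-encoded, the shape of the PasswordData field from get-password-data.
make_password_data() {            # $1 = plaintext password, $2 = public key PEM
  printf '%s' "$1" | openssl pkeyutl -encrypt -pubin -inkey "$2" | openssl base64 -A
}

# 3. "Client side": the step `aws ec2 get-password-data --priv-launch-key` performs.
decrypt_password_data() {         # $1 = base64 PasswordData, $2 = private key PEM
  printf '%s' "$1" | openssl base64 -d -A | openssl pkeyutl -decrypt -inkey "$2"
}

# 4. An EC (ECDSA) key has no encryption operation, so step 2 has nothing to
#    encrypt to. Returns 0 if openssl refuses, 1 if encryption unexpectedly works.
ec_key_cannot_encrypt() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
    -out "$WORK/ec.pem" 2>/dev/null
  openssl pkey -in "$WORK/ec.pem" -pubout -out "$WORK/ec.pub.pem"
  if printf 'x' | openssl pkeyutl -encrypt -pubin -inkey "$WORK/ec.pub.pem" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

PASSWORD='Constructed-Passw0rd!'   # constructed sample, not a real password
PASSWORD_DATA=$(make_password_data "$PASSWORD" "$WORK/launch.pub.pem")
RECOVERED=$(decrypt_password_data "$PASSWORD_DATA" "$WORK/launch.pem")
echo "recovered: $RECOVERED"
ec_key_cannot_encrypt && echo "EC key: encryption refused, as expected"
```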