DEV Community

Cover image for SSH Asymmetric Encryption Types & Strengths
Jeremy Jewell
Jeremy Jewell

Posted on

SSH Asymmetric Encryption Types & Strengths

#ssh #encryption #security

SSH Key Types & Best Practices

Secure Shell (SSH) relies on asymmetric encryption to protect remote logins and data in transit. Picking the right key type affects performance, compatibility, and long‑term security. This guide covers RSA, DSA, ECDSA, and Ed25519—when to use each, how to generate keys, and gotchas to watch out for.

Why Asymmetric Encryption Matters

  1. Authentication & Key Exchange SSH uses your key pair to sign a server‑issued challenge. The server verifies the signature with your public key—no passwords flying in the clear.
  2. Session Encryption After authentication, SSH negotiates a fast symmetric cipher (AES, ChaCha20) to encrypt all data for the rest of the session.

Pro tip: Always run SSH‑2 (the only protocol supported since 1998) and disable weak ciphers in sshd_config.

Handy OpenSSH Flags 

ssh-keygen -o -a 100 -b <bits> -t <type> -C "you@example.com"
Enter fullscreen mode Exit fullscreen mode
  • -o use the modern bcrypt‑protected format
  • -a 100 increase passphrase KDF rounds (good on fast CPUs)
  • -b <bits> key size (ignored for Ed25519)
  • -t <type> algorithm: rsa, dsa, ecdsa, or ed25519
  • -C "<comment>" add a comment in authorized_keys

RSA: Compatibility Champion

When to choose

  • Legacy devices or appliances that don’t support newer curves
  • Compliance requirements mandating RSA

Generate a 4096‑bit key:

ssh-keygen -t rsa -b 4096 -o -a 100 -C "you@example.com"
Enter fullscreen mode Exit fullscreen mode

How it works (brief)

  1. Pick two large primes p and q.
  2. Compute n = p · q and phi = (p - 1) · (q - 1).
  3. Choose public exponent e; compute private exponent d so that e · d ≡ 1 (mod phi).
  4. Encrypt with c = m^e mod n; decrypt with m = c^d mod n.

Security notes

  • 2048 bit keys are still secure, but 3072 + bits give extra margin.
  • Safe primes (where (p - 1) and (q - 1) have large factors) resist special attacks.
  • Vulnerable to Shor’s algorithm on a large quantum computer.

DSA: Legacy Signature (Avoid if You Can)

  • Locked to 1024 bit primes and SHA‑1 → ~80 bits security
  • Disabled by default in OpenSSH ≥ 7.0
  • Nonce reuse or bias leaks your private key

Only use DSA (ssh-dss) if you must connect to pre‑2010 firmware.

ECDSA: Curve‑Based Alternative

When to choose

  • FIPS‑compliant environments
  • You want smaller keys and faster ops than RSA

Generate a P‑256 key:

ssh-keygen -t ecdsa -b 256 -o -a 100 -C "you@example.com"
Enter fullscreen mode Exit fullscreen mode

Snapshot

  • Key size: 256 bits → ~128 bits security
  • Signature: ~70 – 100 bytes
  • Caveat: Each signature needs a fresh random k—poor RNG = total compromise.

Ed25519: The Modern Default

When to choose

  • Almost everyone—modern servers, Git hosts, CI pipelines, hardware tokens

Generate your key:

ssh-keygen -t ed25519 -a 100 -C "you@example.com"
Enter fullscreen mode Exit fullscreen mode

How it works (high‑level):

  1. Derive a 256‑bit scalar from your seed (SHA‑512 + clamp).
  2. Sign with a deterministic nonce (no RNG headaches).
  3. Verify with a single point‑mul and addition.

Security & Performance:

  • ~128 bits classical security
  • Constant‑time ladder → side‑channel resistance
  • 32 byte keys, 64 byte signatures
  • Default in OpenSSH since v9.4

TL;DR

  • Ed25519 for almost everything: fast, secure, simple.
  • RSA 4096 bits only for legacy compatibility or compliance.
  • ECDSA (P‑256/P‑384) if you need FIPS curve support.
  • Avoid DSA—it’s obsolete and insecure by modern standards.

For the full, detailed notes, check out the original on GitHub:

https://github.com/jeremyrayjewell/cyber_journal/blob/main/week-01-2025-01-17.md

Top comments (0)