Hi,
it would be great to support more ssh keys types for example sk-ssh-ed25519.
As far as I know the underlying OpenSSH already supports them.
So the only limitation is the VyOS configuration.
Hi,
it would be great to support more ssh keys types for example sk-ssh-ed25519.
As far as I know the underlying OpenSSH already supports them.
So the only limitation is the VyOS configuration.
Also, it should be enabled by default (at least in ssh documentation)
Could you check it?
What do you mean by "enable by default"?
The issue is that, right now, we are unable to add these kind of ssh keys because the cli won't let you define the type.
I mean Linux man https://man7.org/linux/man-pages/man5/sshd_config.5.html
HostKeyAlgorithms Specifies the host key signature algorithms that the server offers. The default for this option is: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], ssh-ed25519, ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, [email protected], [email protected], rsa-sha2-512,rsa-sha2-256,ssh-rsa
Ah, yea that is true.
They are enabled by default.
The only issue is the vyos cli that simply didn't know them.
So the original task means that we don't have new CLI options in login keys
Missing sk-ssh-ed25519
vyos@r14# set system login user foo authentication public-keys foo type Possible completions: ssh-dss None ssh-rsa None ecdsa-sha2-nistp256 None ecdsa-sha2-nistp384 None ssh-ed25519 None ecdsa-sha2-nistp521