diff options
author | Ed Maste <emaste@FreeBSD.org> | 2023-09-07 16:32:39 +0000 |
---|---|---|
committer | Ed Maste <emaste@FreeBSD.org> | 2023-09-07 17:34:21 +0000 |
commit | c9315099f69ead6796ef48c2ac5435f8f93c0de7 (patch) | |
tree | aa71a3966abb4a8755650e919a54d6d454cb0a7e /crypto/openssh/ssh-keygen.c | |
parent | 97340b68d18bbbdebf0f73ed900c5a33894061dd (diff) | |
download | src-c9315099f69ead6796ef48c2ac5435f8f93c0de7.tar.gz src-c9315099f69ead6796ef48c2ac5435f8f93c0de7.zip |
ssh-keygen: Generate Ed25519 keys when invoked without arguments
Ed25519 keys are convenient because they're much smaller, and the next
OpenSSH release (9.5) will switch to them by default. Apply the change
to FreeBSD main now, to help identify issues as early as possible.
Reviewed by: kevans, karels, des
Relnotes: Yes
Obtained from: OpenBSD 9de458a24986
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41773
Diffstat (limited to 'crypto/openssh/ssh-keygen.c')
-rw-r--r-- | crypto/openssh/ssh-keygen.c | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/crypto/openssh/ssh-keygen.c b/crypto/openssh/ssh-keygen.c index 9ccea624cd90..5b945a849202 100644 --- a/crypto/openssh/ssh-keygen.c +++ b/crypto/openssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.470 2023/07/17 04:01:10 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.471 2023/09/04 10:29:58 job Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -67,11 +67,7 @@ #include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */ #include "cipher.h" -#ifdef WITH_OPENSSL -# define DEFAULT_KEY_TYPE_NAME "rsa" -#else -# define DEFAULT_KEY_TYPE_NAME "ed25519" -#endif +#define DEFAULT_KEY_TYPE_NAME "ed25519" /* * Default number of bits in the RSA, DSA and ECDSA keys. These value can be @@ -263,7 +259,7 @@ ask_filename(struct passwd *pw, const char *prompt) char *name = NULL; if (key_type_name == NULL) - name = _PATH_SSH_CLIENT_ID_RSA; + name = _PATH_SSH_CLIENT_ID_ED25519; else { switch (sshkey_type_from_name(key_type_name)) { case KEY_DSA_CERT: |