Why does GitHub recommend ed25519 SSH key encryption scheme, but itself uses ECDSA?
https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
Above recommends using ed25519 when configuring SSH keys for connecting to GitHub, but if you SSH to github.com, you see the host key is of ECDSA type (see below). Why don't they use the same type of encryption for server cert as they recommend for client cert?
user@computer:/$ ssh -T [email protected]
The authenticity of host 'github.com (140.82.114.3)' can't be established.
ECDSA key fingerprint is SHA256:p2QAMXNIC1TJYWeIOttrVc98/R1BUFWu3/LiyKgUfQM.
Solution 1:
First, neither ECDSA nor Ed25519 (EdDSA) is an encryption scheme or algorithm; they are both signature algorithms (or schemes) used in SSH as host authentication (aka host-key) algorithms or methods, as well as 'user' authentication.
github.com
has all three currently-accepted types of host key, presumably for maximum interoperability (especially since it costs them nothing to do so):
$ for t in ed25519 ecdsa rsa; do ssh-keyscan -t $t 2>/dev/null github.com; done
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
Which one is used for a given connection depends on the capabilities and preferences of the client, namely your ssh
program. If you are using OpenSSH (which is not the only implementation of SSH and not the only program named ssh
, though I'd expect the most common among githubians who are almost by definition FOSSites) versions 6.5 to 8.1 prefer ecdsa then ed25519 (unless using an OpenSSL version that doesn't support ECC, or not using OpenSSL at all); only 8.2 up prefer ed25519 first. You can override this with e.g. ssh -oHostKeyAlgorithms=ssh-ed25519 ...
or an equivalent config setting, see the man page.