SSH keypair generation: RSA or DSA?

RSA is generally preferred (now that the patent issue is over with) because it can go up to 4096 bits, where DSA has to be exactly 1024 bits (in the opinion of ssh-keygen). 2048 bits is ssh-keygen's default length for RSA keys, and I don't see any particular reason to use shorter ones. (The minimum possible is 768 bits; whether that's "acceptable" is situational, I suppose.)


It's not about symmetric or asymetric encryption. It's about particular algorithms (RSA and DSA) requiring higher bit count to achieve acceptable security level. For example, ECC is also an asymmetric encryption, but it provides good security at much lower bit counts than RSA or DSA.


If you have a recent implementation of SSH, you may also consider ECDSA !


256 bit certificates that banks use for SSL connections are symmetric cyphers such as 3DES or AES, hence the lower bit count. When you see 1024 and 2048 (and even 4096) these are asymmetric ciphers.


DSA keys have much shorter signaures than RSA keys (for the same "level of security"), so one reason for using DSA would be in constrained environments.