1

Is it possible to set key-type ed25519 as default in /etc/ssh/config or .ssh/config for ssh-keygen, so that it generates these key-types as a default?

I looked at man ssh-keygen and the documentation of ssh-config, to no avail.

Grimaldi

2 Answers

1

There is no configuration option for this.

Taking a look at the source code for ssh-keygen reveals that -t assigns a value to key_type_name, which if omitted is assigned the value of DEFAULT_KEY_TYPE_NAME. That one is defined conditionally as "rsa" if WITH_OPENSSL is defined, and as "ed25519" otherwise.

Since OpenSSH is built with OpenSSL on nearly all distributions, the default is rsa. To change the default, you'd need to build OpenSSH from source and change the default before compiling.

(Using ./configure --without-openssl would also work, but this is marked as experimental and only gives you a limited subset of crypto algorithms.)

Thomas
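
Since the answer above finds the default fixed at compile time, a shell wrapper can supply `-t` without rebuilding OpenSSH. This is an added example, not part of the original answer or of OpenSSH; the names `keygen`, `keygen_inject_type` and `SSH_KEYGEN_DEFAULT_TYPE` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Source it from a shell startup file.
# SSH_KEYGEN_DEFAULT_TYPE and both function names are hypothetical.
: "${SSH_KEYGEN_DEFAULT_TYPE:=ed25519}"

# Print the key type to inject, or print nothing when the caller's
# arguments should reach ssh-keygen unchanged.
keygen_inject_type() {
    for _kg_arg in "$@"; do
        case "$_kg_arg" in
            --)  break ;;
            -t*) return 0 ;;  # explicit type (-t rsa or -trsa): respect it
            -b*) return 0 ;;  # bit size given: Ed25519 ignores -b, so keep
                              # the compiled-in default instead of silently
                              # dropping the requested size
            -s*) return 0 ;;  # certificate signing: there -t selects the
                              # signature algorithm, not a key type
        esac
    done
    printf '%s\n' "$SSH_KEYGEN_DEFAULT_TYPE"
}

# Wrapper to call in place of ssh-keygen.
keygen() {
    _kg_type=$(keygen_inject_type "$@")
    if [ -n "$_kg_type" ]; then
        set -- -t "$_kg_type" "$@"
    fi
    command ssh-keygen "$@"
}
```

The argument scan is deliberately simple: clustered options such as `-qb 4096` are not recognised, so pass `-t` explicitly in such cases.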
0

You should be able to do this by putting this in your .ssh/config:

IdentityFile ~/.ssh/id_ed25519

planB
  • This defines the identity file, that is used for `ssh` itself. I'm looking for an option for `ssh-keygen`. I'll clarify my question. – Grimaldi Apr 07 '23 at 19:52