# SSH dropping support for DSA

## grant123

How can I check to see what type of SSH keys I'm using and switch to ed25519?

```
# eselect news read 33

2015-08-13-openssh-weak-keys

  Title                     OpenSSH 7.0 disables ssh-dss keys by default

  Author                    Mike Frysinger <vapier@gentoo.org>

  Posted                    2015-08-13

  Revision                  1

Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has

been disabled by default at runtime due to their inherit weakness.  If

you rely on these key types, you will have to take corrective action or

risk being locked out.

Your best option is to generate new keys using strong algos such as rsa

or ecdsa or ed25519.  RSA keys will give you the greatest portability

with other clients/servers while ed25519 will get you the best security

with OpenSSH (but requires recent versions of client & server).

If you are stuck with DSA keys, you can re-enable support locally by

updating your sshd_config and ~/.ssh/config files with lines like so:

   PubkeyAcceptedKeyTypes=+ssh-dss

Be aware though that eventually OpenSSH will drop support for DSA keys

entirely, so this is only a stop gap solution.

More details can be found on OpenSSH's website:

   http://www.openssh.com/legacy.html
```

----------

## YetiBarBar

Default id file is named by ssh using the scheme:

```
id_protocol
```

For example, I have two file in my ~/.ssh folder : id_rsa and id_ed22519

Another way to check this is to read the associated pub key.

```
me @ home (20:54) % cat ~/.ssh/id_rsa.pub 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwT8HiKDIrPSLmxQT+zGtJZmLRDITEP0ZUyoYZY4JxWhLvIYUNVHy+As1DtYkUb6RPi0DgebccmblyktEjhobtG8w5k+B3Meoba3URUXHArhnJJTijhPgIEHkoQNjaNqloxdV2R/zsoha8h9E0Ae/UBU1rfJ8IoKqxZJhXx9y9a0u0dcClFA8WAtTxZiOzrukzMPTt7cRQccs7P6zR4POYwktuQQ4g5/Y2Pk0QEa50G4s3oI41p0OWPMK7F5FUSrRxhoKuJWfUfHyI+imbD1OmDJjUEfGEUG+0fszUSjKTXOOXMiFHfXYZwOlG9voXPj2hY+Jx2mXcZaQtSvPGCJo3 me@home
```

```
me @ home (20:54) % cat ~/.ssh/id_ed25519.pub 

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGCXOQAJ6+V6FBZVVvNsED9WZF3V6+2ZCzPtBDWf3032 me@home
```

To generate a new key using ed22519 :

```
ssh-keygen -t ed25519
```

----------

