id_rsa.pub 和 id_dsa.pub 有什么区别?

发布于 2024-09-01 11:44:57 字数 1559 浏览 11 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

纵山崖 2024-09-08 11:44:57

id_rsa.pubid_dsa.pubid_rsaid_dsa 的公钥。

如果您询问与 SSH 相关的问题,id_rsa 是一个 RSA 密钥,可与 SSH 协议 1 或 2 一起使用,而 id_dsaDSA 密钥,只能与 SSH 协议 2 一起使用。 两者都非常安全,但 DSA 似乎现在已成为标准(假设您的所有客户端/servers 支持 SSH 2)。

更新: 自从本文编写以来,DSA 已被证明是不安全的。更多信息请参见 Adam Katz 的回答。

id_rsa.pub and id_dsa.pub are the public keys for id_rsa and id_dsa.

If you are asking in relation to SSH, id_rsa is an RSA key and can be used with the SSH protocol 1 or 2, whereas id_dsa is a DSA key and can only be used with SSH protocol 2. Both are very secure, but DSA does seem to be the standard these days (assuming all your clients/servers support SSH 2).

Update: Since this was written DSA has been shown to be insecure. More information available in Adam Katz's answer.

软糯酥胸 2024-09-08 11:44:57

SSH 使用公钥/私钥对,所以
id_rsa 是您的 RSA 私钥(基于素数),比您的 id_dsa 更安全DSA 私钥(基于指数)。确保您的私钥安全并广泛共享您的 id_rsa.pubid_dsa.pub 公钥。

DSA 不安全

DSA 有一个 可猜测参数(如果您计算机的随机数生成器低于标准),这将泄露您的密钥。 ECDSA(DSA的椭圆曲线升级)同样容易受到攻击。即使有好的随机数,DSA 也有 其他强度问题PDF< /a>/

SSH uses public/private key pairs, so
id_rsa is your RSA private key (based on prime numbers), which is more secure than your id_dsa DSA private key (based on exponents). Keep your private keys safe and share your id_rsa.pub and id_dsa.pub public keys broadly.

DSA is insecure

DSA has a guessable parameter if your computer's random number generator is sub par, which will reveal your secret key. ECDSA (DSA's elliptical curve upgrade) is similarly vulnerable. Even with good random numbers, DSA has other strength concernsPDF/???? (these are also found in Diffie-Hellman).

OpenSSH disabled DSA by default in 7.0 (2015-08-11) and disabled DSA support at compile time in 9.8 (2024-07-01). They intend to remove support entirely in 9.9 (early 2025).

Prefer Ed25519

Elliptic curve cryptography offers increased complexity with smaller key sizes. Ed25519 (based on the complexity of plane-modeled elliptical curves) is the preferred implementation due to its assumed lack of meddling (leaked documents show that the US NSA weakens crypto standards).

Ed25519 was introduced in OpenSSH 6.5 (2014-01-30) and GnuPG 2.1 (2014-11-06) and became the default ("first-preference") in OpenSSH 8.5 (2021-03-03). It has universal support nowadays.

Use RSA with 4096 bits when Ed25519 is unavailable

RSA key sizes of 4096 bits using the signature variant of rsa-sha2-512 (added in OpenSSH 7.2, 2016-02-29, default in OpenSSH 8.2, 2020-02-14) should have comparable complexity to Ed25519.

Ed25519 is still preferred to RSA due to a worry that RSA may be vulnerable to the same strength concerns as DSA, though applying that exploit to RSA is expected to be considerably harder.

岛歌少女 2024-09-08 11:44:57

rsa 被认为更安全。

不再(2020 年 5 月,十年后),有了 OpenSSH 8.2,如 报道 ">胡里奥

未来弃用通知

现在可以1对 SHA 执行选择前缀攻击1 种哈希算法,成本不到 5 万美元。
因此,我们将在近期版本中默认禁用依赖于 SHA-1 的“ssh-rsa”公钥签名算法

(参见“SHA-1 是一个混乱:SHA-1 上的首次选择前缀冲突及其应用PGP 信任网络”Leurent, G 和 Peyrin, T (2020))

不幸的是,尽管存在更好的替代方案,但该算法仍然被广泛使用,是原始 SSH RFC 指定的唯一剩余的公钥签名算法。

更好的选择包括:

  • RFC8332 RSA SHA-2 签名算法 rsa-sha2-256/512。
    这些算法的优点是使用与“ssh-rsa”相同的密钥类型,但使用安全的 SHA-2 哈希算法。
    这些自 OpenSSH 7.2 起就受到支持,并且如果客户端和服务器支持它们,则默认情况下已经使用它们。

  • ssh-ed25519 签名算法。
    自 6.5 版本起,OpenSSH 就支持它。

  • RFC5656 ECDSA 算法:ecdsa-sha2-nistp256/384/521。
    自 5.7 版以来,OpenSSH 就支持这些功能。

要检查服务器是否使用弱 ssh-rsa 公钥算法进行主机身份验证,请在从 ssh(1) 的允许列表中删除 ssh-rsa 算法后尝试连接到该服务器:

ssh -oHostKeyAlgorithms=-ssh-rsa user@host

如果主机密钥验证失败并且没有其他支持的主机密钥类型可用,则应升级该主机上的服务器软件。

OpenSSH 的未来版本将默认启用 UpdateHostKeys,以允许客户端自动迁移到更好的算法。
用户可以考虑手动启用此选项


Adam Katz评论

正如您所指出的,自 OpenSSH 7.2 (2016) 以来,默认的 RSA 签名变体一直是 rsa-sha2-512。这解决了 SHA-1 的弱点,并提醒人们 RSA 本身仍然被认为是安全的。自 OpenSSH 8.2 (2020 年 2 月) 起,UpdateHostKeys 已默认启用。任何形式的 RSA 都比任何形式的 DSA 更安全,尽管现在您应该更喜欢 ed25519,如我的回答中所述。< /p>

因此需要明确的是,DSA 并不是真正的“更好的选择”。

亚当补充道:

[这]可以理解为暗示 DSA 比 RSA 更安全,并且不应使用 RSA。

尽管 RSA 密钥是在 2016 年之前生成并部署在运行 OpenSSH 的系统上,但这些都不是真的。 8.2 应手动更新。

rsa is considered more secure.

Not anymore (May 2020, ten years later), with OpenSSH 8.2, as reported by Julio

Future deprecation notice

It is now possible1 to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K.
For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

(See "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020))

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

The better alternatives include:

  • The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512.
    These algorithms have the advantage of using the same key type as "ssh-rsa", but use the safe SHA-2 hash algorithms.
    These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.

  • The ssh-ed25519 signature algorithm.
    It has been supported in OpenSSH since release 6.5.

  • The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521.
    These have been supported by OpenSSH since release 5.7.

To check whether a server is using the weak ssh-rsa public key algorithm for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list:

ssh -oHostKeyAlgorithms=-ssh-rsa user@host

If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded.

A future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually.


Adam Katz clarifies in the comments:

As you noted, the default RSA signature variant has been rsa-sha2-512 since OpenSSH 7.2 (2016). This addresses the SHA-1 weakness and serves as a reminder that RSA itself is still considered secure. UpdateHostKeys has been enabled by default since OpenSSH 8.2 (Feb 2020). Any form of RSA is more secure than any form of DSA, though nowadays you should prefer ed25519 as explained in my answer.

So to be clear, DSA is not really a "better alternative".

Adam adds:

[This] could be read as suggesting DSA is more secure than RSA and that RSA should not be used.

Neither of those are true, though RSA keys generated before 2016 and deployed on systems running OpenSSH < 8.2 should be updated manually.

吃兔兔 2024-09-08 11:44:57

是的,rsa 被认为更安全。

2014 年 10 月,OpenSSH 7(Ubuntu 16.04LTS 的默认设置)禁用了对 DSA 的默认支持。以此作为一个强有力的信号,表明 DSA 不再是推荐的方法。

https://www.gentoo.org /support/news-items/2015-08-13-openssh-weak-keys.html

Yes, rsa is considered more secure.

In October 2014, OpenSSH 7 (the default with Ubuntu 16.04LTS) has disabled default support for DSA. Take this as a strong sign that DSA is not a recommended method anymore.

https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文