SSH Key Types
What are SSH Key Types?
SSH Key Types: The asymmetric key algorithms accepted by OpenSSH for user and host authentication: RSA, ECDSA (NIST curves), and the modern default Ed25519.
OpenSSH supports several public-key algorithms for user and host authentication. RSA keys (ssh-rsa) remain widespread; modern deployments should generate them at >=3072 bits and use rsa-sha2-256 or rsa-sha2-512 (RFC 8332) instead of the deprecated SHA-1 signature. ECDSA on P-256/P-384/P-521 (RFC 5656) is supported, but its dependency on high-quality randomness has caused real-world key-recovery incidents. Ed25519 (RFC 8709), introduced in OpenSSH 6.5, is now the recommended default: fixed 256-bit keys, deterministic signing, fast verification, no controversial NIST curve. The hardware-backed sk variants (ecdsa-sk and ed25519-sk, RFC 8709) bind the private key to a FIDO authenticator, providing phishing-resistant SSH auth.
● Examples
- 01 Generating a modern user key with ssh-keygen -t ed25519 -C user@host.
- 02 Provisioning a FIDO-backed key with ssh-keygen -t ed25519-sk -O resident -O verify-required.
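The guidance in the definition above can be checked against deployed keys. The following Python code is an added example, not part of the original glossary entry: it decodes the public-key blob of a "type base64 comment" line (RFC 4251 string encoding), measures the RSA modulus against the 3072-bit floor, and grades the other key types. The verdict labels, the helper names, and the sample_line builder with its dummy key values are assumptions made for illustration; lines with an options prefix are not handled.

```python
import base64
import struct

MIN_RSA_BITS = 3072  # floor recommended in the definition above
ECDSA = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
FIDO = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}

def _read(buf, off):
    """Read one length-prefixed string (RFC 4251); return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def audit_key(line):
    """Return (verdict, detail) for one 'type base64 [comment]' public-key line."""
    try:
        ktype, b64 = line.split()[:2]
        blob = base64.b64decode(b64, validate=True)
        inner, off = _read(blob, 0)
        if inner != ktype.encode():
            return ("reject", "type label does not match key blob")
        if ktype == "ssh-rsa":
            _e, off = _read(blob, off)   # public exponent
            n, off = _read(blob, off)    # modulus as mpint, may carry a leading 0x00
            bits = int.from_bytes(n, "big").bit_length()
            if bits < MIN_RSA_BITS:
                return ("weak", f"RSA {bits} bits, below {MIN_RSA_BITS}")
            return ("ok", f"RSA {bits} bits; sign with rsa-sha2-256/512")
        if ktype == "ssh-ed25519":
            pk, off = _read(blob, off)
            return ("ok", "Ed25519") if len(pk) == 32 else ("reject", "bad Ed25519 length")
    except (ValueError, struct.error):
        return ("reject", "malformed line or key blob")
    if ktype in FIDO:
        return ("ok", "FIDO-backed key")
    if ktype in ECDSA:
        return ("review", "ECDSA: signing depends on high-quality randomness")
    return ("reject", f"type {ktype} is not on the allow-list")

def sample_line(ktype, *parts):
    """Build a CONSTRUCTED key line from dummy values (not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(ktype.encode()) + b"".join(s(p) for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

if __name__ == "__main__":  # constructed samples: 2048-bit RSA modulus, then Ed25519
    print(audit_key(sample_line("ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x01" * 255)))
    print(audit_key(sample_line("ssh-ed25519", b"\x07" * 32)))
```

Comparing the type label with the string inside the blob catches lines whose first field was edited to look like a stronger key type.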
● Frequently asked questions
What are SSH Key Types?
The asymmetric key algorithms accepted by OpenSSH for user and host authentication: RSA, ECDSA (NIST curves), and the modern default Ed25519. It belongs to the Network Security category of cybersecurity.
How do you defend against SSH Key Types?
Defences for SSH Key Types typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for SSH Key Types?
Common alternative names include: RSA, ECDSA, Ed25519.
● Related terms
- SSH Agent Forwarding (network-security, № 1088): An OpenSSH feature, enabled with -A or ForwardAgent yes, that exposes a UNIX socket on a remote host so commands there can use the local SSH agent to authenticate further hops.
- known_hosts File (network-security, № 594): An OpenSSH client file (~/.ssh/known_hosts) that pins server public keys so SSH can detect host-key changes that could indicate a man-in-the-middle attack.
- FIDO2 (identity-access, № 414): An open authentication standard from the FIDO Alliance combining WebAuthn (browser API) and CTAP (authenticator protocol) to enable phishing-resistant, passwordless sign-in.
- ECDSA (cryptography, № 369): The elliptic-curve variant of the Digital Signature Algorithm, standardized in FIPS 186, producing compact signatures whose security relies on the elliptic-curve discrete logarithm problem.
- SSH (network-security, № 1087): A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network.