• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Android SSH Tunnel with 8192 bit RSA key?

P

pcm81

Senior member
I am playing around with RSA keys to replace the password authentication for my SSH-2 server. I generated an 8192 bit RSA key in Putty under windows and successfully added the public OpenSSH copy of it to my SSH server. Putty establishes connection without issues. I am looking for a decent Android SSH Tunnel app that supports 8192 bit private keys. Any Suggestions? Tried couple tunneling apps from playstore, but the ones I tried do not work with 8192-bit key. Also would rather stay away from proprietary formatted keys.

Thanks ahead.
 
pcm81 said:
I am playing around with RSA keys to replace the password authentication for my SSH-2 server. I generated an 8192 bit RSA key in Putty under windows and successfully added the public OpenSSH copy of it to my SSH server. Putty establishes connection without issues. I am looking for a decent Android SSH Tunnel app that supports 8192 bit private keys. Any Suggestions? Tried couple tunneling apps from playstore, but the ones I tried do not work with 8192-bit key. Also would rather stay away from proprietary formatted keys.

Thanks ahead.
Click to expand...

What are you storing in your servers, Death Star blueprints?! 🙂

RSA2048 is more than enough for the moment I believe.
Actually, even old 1024 bit keys still can be used, and 4096 keys are the real sign of some paranoia here!
 
It's more about speed really. If you can afford how slow it is to use a key size that big then go for it. At this point I would start using 4096 keys by default. 1024 is really too small and we're approaching the time when 2048 may also be considered too small although we're not there yet.

We now also have options like ECC[1] which offer the same security but much smaller key sizes so you can look into using them as well if the device supports it. Modern OpenSSH versions support EdDSA[2] along with the NIST curves. I would recommend using either curve25519 which was designed to reduce the risk of implementation errors or nistp521 since it actually has a pretty sane implementation compared with the other two supported.

[1] https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
[2] https://en.wikipedia.org/wiki/EdDSA
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top