Android SSH Tunnel with 8192 bit RSA key?

pcm81

I am playing around with RSA keys to replace the password authentication for my SSH-2 server. I generated an 8192-bit RSA key in PuTTY under Windows and successfully added the public OpenSSH copy of it to my SSH server. PuTTY establishes the connection without issues. I am looking for a decent Android SSH tunnel app that supports 8192-bit private keys. Any suggestions? I tried a couple of tunneling apps from the Play Store, but the ones I tried do not work with an 8192-bit key. I would also rather stay away from keys in proprietary formats.

Thanks ahead.
 

mxnerd

Your connection is not to a central bank and no one is going to hack you.
 

imort

What are you storing in your servers, Death Star blueprints?! :)

RSA2048 is more than enough for the moment I believe.
Actually, even old 1024 bit keys still can be used, and 4096 keys are the real sign of some paranoia here!
 

TheRyuu

It's more about speed really. If you can afford how slow it is to use a key size that big, then go for it. At this point I would start using 4096 keys by default. 1024 is really too small, and we're approaching the time when 2048 may also be considered too small, although we're not there yet.

We now also have options like ECC[1], which offer the same security but much smaller key sizes, so you can look into using them as well if the device supports it. Modern OpenSSH versions support EdDSA[2] along with the NIST curves. I would recommend using either curve25519, which was designed to reduce the risk of implementation errors, or nistp521, since it actually has a pretty sane implementation compared with the other two supported.

[1] https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
[2] https://en.wikipedia.org/wiki/EdDSA
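
An added example, not part of any post in this thread: a small Python parser that reads OpenSSH public-key lines, reports the key type and size, and flags RSA keys below a chosen size. The function names are hypothetical, the 2048-bit default threshold is an assumption, the sample lines are constructed (correct wire layout, not real keys), and lines are assumed to be plain `<type> <base64> [comment]` with no authorized_keys options in front.

```python
import base64
import struct

def _read_string(blob, off):
    """Read one SSH wire 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def key_info(line):
    """Return (key type, size in bits) for one '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype.decode("ascii", "replace") != fields[0]:
        raise ValueError("type label does not match key blob")
    if fields[0] == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent (mpint)
        n, off = _read_string(blob, off)    # modulus (mpint, may carry a leading 0x00)
        return fields[0], int.from_bytes(n, "big").bit_length()
    if fields[0] == "ssh-ed25519":
        pk, off = _read_string(blob, off)
        if len(pk) != 32:
            raise ValueError("Ed25519 public key must be 32 bytes")
        return fields[0], 256
    raise ValueError("unsupported key type: " + fields[0])

def weak_rsa_keys(lines, min_rsa_bits=2048):
    """Return (line number, bits) for RSA keys below min_rsa_bits (assumed threshold)."""
    sizes = [(i, *key_info(l)) for i, l in enumerate(lines, 1)]
    return [(i, bits) for i, t, bits in sizes if t == "ssh-rsa" and bits < min_rsa_bits]

# Constructed sample lines: correct wire layout, but NOT real key material.
def _s(b):
    return struct.pack(">I", len(b)) + b

def sample_rsa_line(bits):
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = _s(b"ssh-rsa") + _s((65537).to_bytes(3, "big")) + _s(n)
    return "ssh-rsa %s constructed-rsa%d" % (base64.b64encode(blob).decode(), bits)

SAMPLE_ED25519 = "ssh-ed25519 %s constructed-ed25519" % base64.b64encode(
    _s(b"ssh-ed25519") + _s(bytes(32))).decode()
```

Feeding it the lines of a real authorized_keys file (with any leading options stripped) gives a quick inventory of which accounts still rely on short RSA keys.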
 
