If you are still generating keys with ssh-keygen -t rsa, it's time to update your knowledge. The landscape of SSH security has shifted significantly in the last few years.
Here is a summary of what has changed and how you should configure SSH in 2025.
1. The Death of RSA/SHA-1

Old RSA keys (specifically ssh-rsa) often rely on SHA-1 signatures, which are now considered weak. OpenSSH 8.8 (released way back in 2021) disabled RSA signatures using SHA-1 by default.
If you try to connect to a legacy server, you might see:
Unable to negotiate with ...: no matching host key type found. Their offer: ssh-rsa
The Fix:
Stop using ssh-rsa signatures. If you must keep RSA keys, make sure both client and server negotiate rsa-sha2-256 or rsa-sha2-512 (the same RSA key, signed with SHA-2 instead of SHA-1).
2. Ed25519 is the New Standard
Forget about RSA 4096 vs 2048. The industry standard is now Ed25519.
- Faster: Key generation and signing are incredibly fast.
- Smaller: Keys are a tiny string compared to massive RSA blocks.
- More Secure: Resistant to side-channel attacks.
```shell
# The command you should run today
ssh-keygen -t ed25519 -C "your-email@example.com"
```
3. FIDO2 / U2F Hardware Keys
This is the biggest game changer. OpenSSH 8.2+ supports FIDO2 security keys (like YubiKey) natively.
```shell
# Generate a hardware-backed key
ssh-keygen -t ed25519-sk
```
This generates a "key handle" on your disk, but the actual private key never leaves the hardware token. Even if your laptop is stolen and compromised, the attacker cannot SSH into your servers without your physical key.
Glossary
- U2F/FIDO2: Standards for hardware authentication devices.
- Resident Key: A key stored entirely on the hardware token, allowing you to move between computers easily.
- Touch Presence: The requirement to physically touch the key to approve an SSH connection.
4. Windows Support
Windows 10/11 now ships with the OpenSSH client (and server!) pre-installed. You can use native ssh in PowerShell or Command Prompt, so tooling like PuTTY is no longer strictly required for basic tasks.
Summary for 2025
- Don't use ssh-rsa or dsa.
- Use ed25519 for file-based keys.
- Upgrade to ed25519-sk (FIDO2) for critical infrastructure access.
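As an added example (not from the original post), here is a small POSIX shell audit that classifies every key in an authorized_keys file against the guidance above, so you can find ssh-rsa and ssh-dss entries that still need replacing. The sample file is constructed with placeholder key material, and option parsing assumes no spaces inside quoted key options.

```shell
#!/bin/sh
# Classify an SSH public-key type string against the 2025 guidance above.
# Prints one of: replace | ok | hardware | review
classify_key_type() {
  case "$1" in
    ssh-rsa|ssh-dss)            echo replace ;;   # legacy RSA (SHA-1 era) or DSA
    ssh-ed25519)                echo ok ;;        # file-based Ed25519
    sk-ssh-ed25519@openssh.com) echo hardware ;;  # FIDO2-backed key from ssh-keygen -t ed25519-sk
    *)                          echo review ;;    # ecdsa, sk-ecdsa, unknown: inspect by hand
  esac
}

# Print one line per key: type, verdict, comment. Lines may start with
# key options (e.g. restrict,command="..."), in which case the type is field 2.
audit_authorized_keys() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
    set -- $line
    case "$1" in
      ssh-*|sk-*|ecdsa-*) ktype="$1"; comment="$3" ;;
      *)                  ktype="$2"; comment="$4" ;;
    esac
    printf '%-28s %-9s %s\n' "$ktype" "$(classify_key_type "$ktype")" "${comment:-(no comment)}"
  done < "$1"
}

# Number of keys whose verdict is "replace".
count_legacy_keys() {
  audit_authorized_keys "$1" | awk '$2 == "replace"' | wc -l | tr -d ' '
}

# Constructed sample authorized_keys; the base64 blobs are placeholders, not real keys.
SAMPLE_KEYS="$(mktemp)"
cat > "$SAMPLE_KEYS" <<'EOF'
# legacy entries
ssh-rsa AAAAPLACEHOLDERRSA alice@legacy-laptop
ssh-dss AAAAPLACEHOLDERDSA bob@old-box
# current entries
ssh-ed25519 AAAAPLACEHOLDERED25519 carol@laptop
restrict,command="/usr/bin/backup" sk-ssh-ed25519@openssh.com AAAAPLACEHOLDERSK dave@yubikey
ecdsa-sha2-nistp256 AAAAPLACEHOLDERECDSA erin@ci
EOF

audit_authorized_keys "$SAMPLE_KEYS"
echo "keys to replace: $(count_legacy_keys "$SAMPLE_KEYS")"
```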