No support for ECDSA keys (BB-12110)

Issue #4222 closed
Kent Fredric
created an issue

My current version of OpenSSH: OpenSSH_6.0p1-hpn13v11, OpenSSL 1.0.1c 10 May 2012

And generating a key with

{{{ ssh-keygen -t ecdsa -b 521 }}}

Generates a public key with the following leading:

{{{ ecdsa-sha2-nistp521 }}}

However, the site's public key submission field rejects my public key regardless of what I do.

Comments (45)

  1. Kent Fredric reporter

    Could it be a feature request for some future time?

    I understand it's probably not viable, nor a priority to support "right now", but assuming one day you upgrade your toolchain to an openssl/ssh system that does support ecdsa, it seems relatively straightforward to drop in support for it, and it would be a "nice to have" imo.

    Granted, I haven't looked at the code, and the inverse Occam's razor always applies to IT in that it's always more complicated than you think. =).

  2. Winston Weinert

    This would be nice. I was also disappointed to see the web interface rejected my ECDSA key.

    Fwiw BB's sshd (OpenSSH 5.3) doesn't support ECDSA. I'm at a loss as to why this is a "wontfix" issue.

  3. Berk D. Demir

    Maybe mark this as a feature request?

    ECDSA SSH keys are defined by RFC 5656 and since OpenSSH 5.7, it is the default key type for ssh-keygen.

    ECDSA keys are shorter than RSA and DSA keys, offering the same level of strength. A 256-bit ECDSA key is more or less equal to a 3072-bit RSA key. Computationally ECDSA is less intensive than RSA and DSA when signing but more intensive at verifying.
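    Added example, not code from this issue or from Bitbucket: a submission-field validator that accepts the three RFC 5656 ECDSA key types alongside RSA and Ed25519 and checks that the prefix, the type string inside the base64 blob, the curve name and the point length all agree. It assumes a Python backend and uses a constructed dummy key; it checks wire-format structure only, and a real deployment would additionally load the key with a crypto library to confirm the point lies on the curve.

```python
import base64
import struct

# Key types a submission field should accept: RSA and Ed25519 plus the three
# ECDSA identifiers from RFC 5656 (no ssh-dss: OpenSSH 7.0+ disables DSA).
ACCEPTED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                  "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# Length of an uncompressed point (0x04 || X || Y) for each RFC 5656 curve.
POINT_LEN = {"nistp256": 65, "nistp384": 97, "nistp521": 133}

def _read_string(blob, offset):
    """Read one RFC 4251 'string' (uint32 big-endian length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    offset += 4
    if offset + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset:offset + length], offset + length

def validate_pubkey_line(line):
    """Return the key type of an OpenSSH public-key line, or raise ValueError."""
    key_type, b64, *_comment = line.split()   # ValueError if fewer than 2 fields
    if key_type not in ACCEPTED_TYPES:
        raise ValueError("unsupported key type %r" % key_type)
    blob = base64.b64decode(b64, validate=True)  # binascii.Error is a ValueError
    # The blob starts with a copy of the key type; prefix and blob must agree.
    embedded, offset = _read_string(blob, 0)
    if embedded != key_type.encode("ascii"):
        raise ValueError("key type prefix does not match encoded key")
    if key_type.startswith("ecdsa-sha2-"):
        # RFC 5656 section 3.1: type string, curve name, then the point Q.
        curve, offset = _read_string(blob, offset)
        point, offset = _read_string(blob, offset)
        if curve != key_type[len("ecdsa-sha2-"):].encode("ascii"):
            raise ValueError("curve name does not match key type")
        if point[:1] != b"\x04" or len(point) != POINT_LEN[curve.decode()]:
            raise ValueError("malformed EC point")
        if offset != len(blob):
            raise ValueError("trailing data after EC point")
    return key_type

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data
def constructed_ecdsa_line(curve="nistp521"):
    """CONSTRUCTED test input, not a real key: the point is a dummy, not on
    the curve, so only the RFC 5656 structure is exercised."""
    key_type = "ecdsa-sha2-" + curve
    blob = (_ssh_string(key_type.encode()) + _ssh_string(curve.encode())
            + _ssh_string(b"\x04" + b"\x11" * (POINT_LEN[curve] - 1)))
    return key_type + " " + base64.b64encode(blob).decode() + " user@example"
```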

  4. Daniel Houck

    I also agree that this should be fixed, or at least that the "wontfix" status should be explained. It seems like it would take a relatively small amount of effort to fix and that it would provide a large benefit for this effort (even if not that large a benefit overall).

  5. Andrzej Godziuk

    Is there a chance ECDSA keys will be supported any time soon? I've phased out my RSA keys and I only need to keep one for Bitbucket which some of my clients use.

    Please, make Bitbucket support modern standards, it's 2014 and nobody uses RSA for SSH anymore.

  6. Erik van Zijst

    It probably shouldn't have been WONTFIX'd, as we do want to offer ECDSA keys, but this will require upgrading part of our SSH infrastructure that is not currently being worked on. I'll reopen the issue.

  7. Anonymous

    Great to hear that it's under consideration and yup we appreciate this is not a simple tick box solution!

  8. Michael Jennings

    As of OpenSSH 7.0 and higher, DSA keys are obsolete as they are no longer considered secure, and support for them is completely disabled by the default runtime configuration. In the upcoming OpenSSH 7.2 release, the plan is to disable RSA keys shorter than 1024 bits as well. Users with DSA keys, and soon shorter RSA keys, are being "forced" to upgrade to the newer, more secure key algorithms such as ECDSA and ED25519. It is now becoming increasingly urgent for all hosting and service platforms to support these algorithms.

    For what it's worth, I had no trouble getting my ECDSA and ED25519 public keys working on GitHub. I was shocked when they failed to be accepted by BitBucket. I strongly urge you to bump the priority on this item. See for some additional details.

  9. Bram Bouwens

    AFAICS ED25519 is becoming a little more popular than ECDSA, so it would make sense to support the former. But I don't see any arguments not to support both. It's not like this needs to take hours to implement.

  10. Benjamin Echols

    We're working on upgrading our SSH infrastructure. Unfortunately, it's not as trivial as just updating our version of OpenSSH. I don't have a delivery date, but this is on our roadmap. I'll post more specifics here as I get them.