No support for ECDSA keys (BB-12110)

Issue #4222 closed
Kent Fredric created an issue

My current version of OpenSSH:

* OpenSSH_6.0p1-hpn13v11, OpenSSL 1.0.1c 10 May 2012

And generating a key with

{{{ ssh-keygen -t ecdsa -b 521 }}}

Generates a public key with the following leading:

{{{ ecdsa-sha2-nistp521 }}}

However, the site's public key submission field rejects my public key regardless of what I do.


Comments (45)

  1. Kent Fredric reporter

    Could it be a feature request for some future time?

    I understand it's probably not viable, nor a priority to support "right now", but assuming one day you upgrade your toolchain to an openssl/ssh system that does support ecdsa, it seems relatively straightforward to drop in support for it, and it would be a "nice to have" imo.

    Granted, I haven't looked at the code, and the inverse Occam's razor always applies to IT in that it's always more complicated than you think. =).

  2. Winston Weinert

    This would be nice. I was also disappointed to see the web interface rejected my ECDSA key.

    Fwiw BB's sshd (OpenSSH 5.3) doesn't support ECDSA. I'm at a loss as to why this is a "wontfix" issue.

  3. Berk D. Demir

    Maybe mark this as a feature request?

    ECDSA SSH keys are defined by RFC 5656 and since OpenSSH 5.7, it is the default key type for ssh-keygen.

    ECDSA keys are shorter than RSA and DSA keys, offering the same level of strength. A 256-bits ECDSA key is more or less equal to a 3072-bits RSA key. Computationally ECDSA is less intensive than RSA and DSA when signing but more intensive at verifying.
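    As an added example (not code from this issue or from Bitbucket), a Python validator for the key format comment 3 references: it parses the RFC 5656 ecdsa-sha2-<curve> blob that sits behind a leading "ecdsa-sha2-nistp521", checks that the inner type string, curve name and point encoding agree, and accepts RSA, DSA and Ed25519 alongside ECDSA. The sample key line it builds uses a constructed filler point, not a real key.

```python
import base64

# Types an SSH public-key upload form should accept: RFC 4253 ssh-rsa/ssh-dss, RFC 5656
# ecdsa-sha2-<curve> (mapped to the curve's bit size), and ssh-ed25519.
ECDSA_CURVES = {"nistp256": 256, "nistp384": 384, "nistp521": 521}
ACCEPTED_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"} | {f"ecdsa-sha2-{c}" for c in ECDSA_CURVES}

def _read_string(blob: bytes, off: int):
    # One SSH 'string': uint32 big-endian length followed by that many bytes.
    n = int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or off + 4 + n > len(blob):
        raise ValueError("truncated string")
    return blob[off + 4:off + 4 + n], off + 4 + n

def validate_public_key(line: str) -> str:
    # Returns the key type of a well-formed OpenSSH public-key line, else raises ValueError.
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = parts[0]
    if key_type not in ACCEPTED_TYPES:
        raise ValueError(f"unsupported key type {key_type!r}")
    blob = base64.b64decode(parts[1], validate=True)   # binascii.Error is a ValueError
    inner_type, off = _read_string(blob, 0)
    if inner_type != key_type.encode():
        raise ValueError("key type inside the blob does not match the leading type")
    if key_type.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)
        if curve != key_type[len("ecdsa-sha2-"):].encode():
            raise ValueError("curve identifier does not match the key type")
        point, off = _read_string(blob, off)
        coord_len = (ECDSA_CURVES[curve.decode()] + 7) // 8
        # RFC 5656 mandates the uncompressed encoding 0x04 || X || Y, with nothing after it.
        if len(point) != 1 + 2 * coord_len or point[0] != 0x04 or off != len(blob):
            raise ValueError("malformed EC point")
    return key_type

def is_acceptable(line: str) -> bool:
    try:
        return bool(validate_public_key(line))
    except ValueError:
        return False

def constructed_ecdsa_line(curve: str = "nistp521") -> str:
    # Well-formed ecdsa-sha2-<curve> line around a CONSTRUCTED filler point (not on the curve).
    ssh_string = lambda b: len(b).to_bytes(4, "big") + b
    coord_len = (ECDSA_CURVES[curve] + 7) // 8
    point = b"\x04" + bytes(range(coord_len)) * 2   # constructed X||Y filler, not a real point
    blob = ssh_string(f"ecdsa-sha2-{curve}".encode()) + ssh_string(curve.encode()) + ssh_string(point)
    return f"ecdsa-sha2-{curve} {base64.b64encode(blob).decode()} user@example"
```

    A form that only whitelists "ssh-rsa" and "ssh-dss" rejects the constructed nistp521 line at the type check; this validator accepts it but still refuses a blob whose inner type or curve disagrees with the leading word.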

  4. Rikard Mustajärvi

    I was also surprised that my ECDSA key wasn't accepted. Could you give some background to why this is a wontfix?

  5. Daniel Houck

    I also agree that this should be fixed, or at least that the "wontfix" status should be explained. It seems like it would take a relatively small amount of effort to fix and that it would provide a large benefit for this effort (even if not that large a benefit overall).

  6. Freso Fenderson

    I just filed #6312 which is marked as "enhancement" and not a bug, and then I found this one. Perhaps #6312 will have more luck in at least having an eventual "wontfix" explained. :)

  7. Andrzej Godziuk

    Is there a chance ECDSA keys will be supported any time soon? I've phased out my RSA keys and I only need to keep one for Bitbucket which some of my clients use.

    Please, make Bitbucket support modern standards, it's 2014 and nobody uses RSA for SSH anymore.

  8. Robin Speekenbrink

    Too bad this isn't supported, it is more and more becoming the default... Why is this labeled as 'wontfix'?

  9. Erik van Zijst

    It probably shouldn't have been WONTFIX'd, as we do want to offer ECDSA keys, but this will require upgrades to part of our SSH infrastructure that is not currently being worked on. I'll reopen the issue.

  10. Former user Account Deleted

    Great to hear that it's under consideration and yup we appreciate this is not a simple tick box solution!

  11. Tobias Gerschner

    Lagging behind with the timely implementations of emerging security standards and changes doesn't look good for a cloud provider.

  12. Michael Jennings

    As of OpenSSH 7.0 and higher, DSA keys are obsolete as they are no longer considered secure, and support for them is completely disabled by the default runtime configuration. In the upcoming OpenSSH 7.2 release, the plan is to disable RSA keys shorter than 1024 bits as well. Users with DSA keys, and soon shorter RSA keys, are being "forced" to upgrade to the newer, more secure key algorithms such as ECDSA and ED25519. It is now becoming increasingly urgent for all hosting and service platforms to support these algorithms.

    For what it's worth, I had no trouble getting my ECDSA and ED25519 public keys working on GitHub. I was shocked when they failed to be accepted by BitBucket. I strongly urge you to bump the priority on this item. See http://www.openssh.com/legacy.html for some additional details.

  13. Michael Moravec

    Bump, open for 3 years? This really needs some love from Bitbucket's security team.

    As already mentioned, GitHub supports both modern ECDSA and Ed25519 keys.

  14. Michal Belica

    I'd consider this a fail. I have to keep a bulky RSA key around only for Bitbucket as everyone else has moved on :-(

  15. Pavel Ognev

    I see Bitbucket have a strong intention to postpone fixing of this SECURITY issue. Why only legacy crypto is supported?

  16. Bram Bouwens

    AFAICS ED25519 is becoming a little more popular than ECDSA, so it would make sense to support the former. But I don't see any arguments not to support both. It's not like this needs to take hours to implement.

  17. Benjamin Echols Account Deactivated

    We're working on upgrading our SSH infrastructure. Unfortunately, it's not as trivial as just updating our version of OpenSSH. I don't have a delivery date, but this is on our roadmap. I'll post more specifics here as I get them.

  18. Alastair Wilkes staff

    Hi everyone!

    The team is pleased to report that ECDSA keys are now supported. You can go ahead and add your key to get started.

    Please comment on this issue if you have any questions or issues. Thanks!
