i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?
i want to remotely ssh to my home server, and I was wondering if I could just forward port 22 with disabling password login and use pubkey authentication will be safe enough?
Also don’t use rsa, use Ed25519 nowadays
RSA is fine. It isn’t like you will have to worry about the length of the keys for SSH.
https://arstechnica.com/security/2023/11/hackers-can-steal-ssh-cryptographic-keys-in-new-cutting-edge-attack/
Requires an actual hardware error. Almost all implementations, including all open source SSH implementations, check that the signature is valid thus preventing a cosmic ray induced bit flip from triggering this issue and any related issue.
What effect do hardware errors have on Ed25519?
Well it‘s true that one can use RSA, which is still save with keys big enough, but if someone wants so save some extra computing power and time ed25519 is the way to go.
The difference is extremely tiny because asymmetric encryption is only used at the very beginning to securely establish a symmetric key that will be used for everything else afterwards. So you would have to be running this on a smart fridge to notice the speed difference.
True enough
It is but if you’re going to use something security related, use the current recommendation unless you stricly can’t for legacy reason or something.
I think that legacy reason in this case would be already having RSA keys. The point is that you don’t have to go through the bother of replacing them.