IBM FlashSystem

  • 1.  Accepted format for a users ssh key

    Posted Mon June 26, 2023 09:06 AM
    Edited by Alexander Reichle-Schmehl Mon June 26, 2023 10:18 AM

    Hi!

    Can someone point me to where I can find supported ssh key types / formats? I didn't find it so far, only an example showing that you should create ssh-keys for your users by using ssh-keygen -t rsa.

    I'm asking because I tried today to upload a key of type ssh-ed25519, and it is refused with the error: CMMVC6504E The task cannot be initiated because the SSH key file that you have specified does not contain a valid SSH key, which makes me think that type is not supported, as I could successfully upload an rsa key.

    Problem is that we are discouraged from using rsa keys, and encouraged to use newer elliptic key type ssh keys, and most of our users already use these key types.

    So before asking our users to create new keys, I'm wondering if we may find a key type which is accepted by both.

    Best regards,

      Alexander



    ------------------------------
    Alexander Reichle-Schmehl
    ------------------------------



  • 2.  RE: Accepted format for a users ssh key

    Posted Tue June 27, 2023 04:16 AM

    Hi Alexander,

    The supported ssh key types, say the supported ciphers, can be policed by setting the ssh security level.

    This is done by CLI command chsecurity -sshprotocol <level>.

    Details on the levels can be found in IBM Docs article Security levels and supported security ciphers.



    ------------------------------
    Best regards, 

    Christian Schroeder
    IBM Storage Virtualize Support with Passion
    ------------------------------



  • 3.  RE: Accepted format for a users ssh key

    Posted Tue June 27, 2023 04:48 AM

    Thanks for the pointer!

    I can confirm that a key I created via ssh-keygen -t ecdsa works in our test environment. Which should be good enough for us, also I'm curious why the key I created with ssh-keygen -t ed25519 is not accepted.

    Without deeper knowledge about that, I would have guessed by the name that they belong to the listed curve25519-sha256 or curve25519-sha256@libssh.org.



    ------------------------------
    Alexander Reichle-Schmehl
    ------------------------------



  • 4.  RE: Accepted format for a users ssh key

    Posted Tue June 27, 2023 08:22 AM

    I have forwarded this topic to the appropriate development team, will keep you posted when I get a response.



    ------------------------------
    Best regards, 

    Christian Schroeder
    IBM Storage Virtualize Support with Passion
    ------------------------------



  • 5.  RE: Accepted format for a users ssh key

    Posted Tue June 27, 2023 09:08 AM

    Hello Alexander,
    I think what you are looking for is documented here:
    https://www.ibm.com/docs/en/sanvolumecontroller/8.5.x?topic=reference-security-levels-supported-security-ciphers



    ------------------------------
    GLEN ROUTLEY
    ------------------------------



  • 6.  RE: Accepted format for a users ssh key

    Posted Tue June 27, 2023 09:32 AM

    I got feedback from my security colleagues, which I have yet to digest.
    Essentially, key exchange algorithm curve25519-sha256 is not quite the same as an ssh key type of ssh-ed25519.

    Also, the IBM Docs link @GLEN ROUTLEY and I had shared contains this statement:

    Security key algorithms
    Supported host key (and public key) algorithms include ssh-rsa and ssh-ecdsa

    That's to say, ssh-ed* is not supported as of now.



    ------------------------------
    Best regards, 

    Christian Schroeder
    IBM Storage Virtualize Support with Passion
    ------------------------------
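
A pre-upload check for the situation in this thread, as an added example that is not part of the original posts or IBM's tooling: it reads the key type from inside an OpenSSH public key line and compares it with the types the quoted IBM Docs statement lists. It assumes that "ssh-ecdsa" in that statement corresponds to OpenSSH's ecdsa-sha2-nistp* key types (what `ssh-keygen -t ecdsa` produces); the sample lines are constructed with dummy key material.

```python
import base64
import struct

# Key types taken as accepted, per the IBM Docs statement quoted in post 6.
# Assumption: "ssh-ecdsa" there means OpenSSH's ecdsa-sha2-nistp* key types.
ACCEPTED_TYPES = {
    "ssh-rsa",
    "ecdsa-sha2-nistp256",
    "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521",
}


def key_type(pubkey_line: str) -> str:
    """Return the key type embedded in an OpenSSH public key line.

    The type is read from the base64 blob, whose first field is a
    length-prefixed string naming the key format, and must match the label.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    label = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    embedded = blob[4:4 + n].decode("ascii")
    if embedded != label:
        raise ValueError(f"label {label!r} does not match blob type {embedded!r}")
    return embedded


def is_accepted(pubkey_line: str) -> bool:
    """True if the line parses cleanly and its type is in ACCEPTED_TYPES."""
    try:
        return key_type(pubkey_line) in ACCEPTED_TYPES
    except ValueError:  # also covers base64 and ASCII decoding errors
        return False


def constructed_line(name: str) -> str:
    """Constructed sample: valid structure, dummy key material (not a real key)."""
    blob = struct.pack(">I", len(name)) + name.encode() + b"\x00" * 32
    return f"{name} {base64.b64encode(blob).decode()} user@example"
```

Note that curve25519-sha256 never appears as a key type here: it is a key exchange algorithm negotiated per session, while ssh-ed25519 is the format of the user's key itself.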