v1.400 2025-01-22

What's Changed

• Change default key type on key creation to ed25519 (previously rsa) (GitHub #48).
• On key creation, custom key comment provided by -C was ignored (GitHub #46). This is fixed. Thanks to @tinhtruong for the report.
• Fix typo in a comment in ~/.ssh/config: Knwon.
• Improve Windows compatibility (fix in parsing of ssh -V).

New Contributors

• @LeZuse made their first contribution in #52

Full Changelog: v1.306...v1.400

v1.306 2022-06-09

• On key creation, switch default key size from 2048 bits to 4096 bits.

• Update ~/.ssh/known_hosts_github to include only the ssh-ed25519 public keys of GitHub servers (ssh-rsa and ssh-dss keys are removed).

• Disallow ssh-rsa public keys for GitHub servers.

v1.305

• Remove MAC algorithm hmac-ripemd160 as it has been removed from OpenSSH 7.6. It is also not supported by GitHub anymore. Thanks to Laggard Kernel for the patch. This had no impact on users as github-keygen does feature detection of OpenSSH.

• Hide warnings about known deprecated OpenSSH options (Protocol, UseRoaming). We still support them to secure old OpenSSH clients.

v1.304

Remove key exchange diffie-hellman-group14-sha1 because removed by GitHub. See https://githubengineering.com/crypto-deprecation-notice/

v1.303

Fix SSH options and algorithm support detection that was accidentally disabled since v1.100. This makes github-keygen work with OpenSSH 7.6+ that removed an algorithm.

Fix for support of OpenSSH down to 5.1.

Detect bad permissions on file ~/.ssh/config and report them.

v1.302

Remove UseRoaming option if OpenSSH >= 7.2 on Mac OS X Sierra (issue #31): Sierra has 7.2p2, same as on Ubuntu 16.04, but not same behaviour.

Old OpenSSH compatibility fixes:

• Hide ssh -Q errors (when the option is not supported).
• Do not use %n in ControlPath option.

v1.301

Remove UseRoaming option if OpenSSH >= 7.3 (Mac OS X Sierra, issue #31): this option has been removed from OpenSSH.

v1.300

Changes:

• Keys registered in ~/.ssh/config are now compared with keys registered on GitHub to detect keys unknown to the service. An --offline flag allows to disable this check.
• Development is back on master branch (instead of deleted devel).

v1.200

Changes:

• Add versioning to the generated config. This will allow to detect dangerous attempts at downgrading to an older version of github-keygen.
• Preserve the position of the github-keygen section in ~/.ssh/config. Previously, the section was always put at the end of the file. This was breaking configs were the user had a Host * section at the end of the file to set default settings: as the section was moved above us, those default settings were applied before our own.

v1.101

Config: set UseRoaming no to protect against the OpenSSH roaming vulnerability.