VPS providers, PLEASE support ssh-ed25519 keys along with ssh-rsa ones in your VPS control panel - Page 2

Comments

  • @AnthonySmith said:

    WSS said: but for some reason I feel insulted that you needed to explain what crisps are to me.

    It was not for your benefit, more for the North American/English as a second language audience :)

    omnomnom

    Luckily, we get taught the good old British English here in my country. None of that American English substitute. Even if I do like to tease a British friend by only referring to crisps as chips.

  • jarjar Patron Provider, Top Host, Veteran
    edited January 2017

    @joepie91 said:

    @teamacc said:
    User has ED25519 key, distro does not support it: User wastes valuable support time complaining how "the panel did accept his key but he could not connect"

    No, it wouldn't? That's a matter of spending 30 minutes adding a list of "ed25519-supporting distro" flags to your panel code, and it just wouldn't even accept them for distros that don't support it.

    That's the kind of if/else scenario that I would suggest upsets and confuses customers. Sure it wouldn't upset or confuse you, or you might feel that it shouldn't upset or confuse others, but your brain is vastly different than 99% and you know that ;)

    You don't really get to decide what frustrates customers, but you do learn what frustrates them over time.

  • @jarland said:

    @joepie91 said:

    @teamacc said:
    User has ED25519 key, distro does not support it: User wastes valuable support time complaining how "the panel did accept his key but he could not connect"

    No, it wouldn't? That's a matter of spending 30 minutes adding a list of "ed25519-supporting distro" flags to your panel code, and it just wouldn't even accept them for distros that don't support it.

    That's the kind of if/else scenario that I would suggest upsets and confuses customers. Sure it wouldn't upset or confuse you, or you might feel that it shouldn't upset or confuse others, but your brain is vastly different than 99% and you know that ;)

    You don't really get to decide what frustrates customers, but you do learn what frustrates them over time.

    In the end, this "problem" (as small as it is) will have to be solved at some point. Doesn't hurt to think about how to solve it now already.

  • jarjar Patron Provider, Top Host, Veteran

    @MagicalTrain said:
    In the end, this "problem" (as small as it is) will have to be solved at some point. Doesn't hurt to think about how to solve it now already.

    Ultimately it would resolve itself when all relevant LTS distros support it from the SSH version offered in their own repositories. At which point its implementation would upset or confuse no one.

    Thanked by 1Clouvider
  • @jarland said:

    @MagicalTrain said:
    In the end, this "problem" (as small as it is) will have to be solved at some point. Doesn't hurt to think about how to solve it now already.

    Ultimately it would resolve itself when all relevant LTS distros support it from the SSH version offered in their own repositories. At which point its implementation would upset or confuse no one.

    I was mostly talking about a case where in the future RSA is still very much the most used key, but not all that secure anymore. The change to a new cipher would have to be done similarly. (Old distros would not support it out of the box.)

  • As much as I hate to say that but I agree to a large degree with @jarland here.

    I, for example, pretty much never use the panel once a VPS is up and running. It's just a way to e.g. put an OS image into the virtual CD. But I know that many, many (probably most) clients do pretty much everything via the panel. For them it must be super simple.
    Also one should consider that SSH/SSL confuses most people anyway (I've seen plenty of stupid standard SSL and SSH configs on systems run by "experienced unix admins"). So evidently SSL and SSH is super confusing to Joe and Jane panel-click customer and one should really avoid confusing them even more by "frightening" choices like "Would you like an RSA key or an ECC key (ED25519)?". The best this could achieve were lots of tickets with questions and lots of support time wasted.

    At the same time those of us who really know their way couldn't care less; we will certainly not use the panel to configure our security. For us that whole issue comes down to "well some first SSH config to start things" and it doesn't matter at all whether we use RSA or ECC in our first session when we set up our boxes; that happens with the shell and vi anyway.

    So again, I suggest to just use whatever happens to be the default and then
    scp .ssh/vp1ex_id_ed15519.pub [vps ip]..., and next on the vps "cat vp1ex_id_ed15519.pub >> .ssh/authorized_keys" (or mv ... in case we don't want to keep the default install key) ... and that's about it.

    Such, both are happy. We professionals type a couple of commands and Joe and Jane Panel-click have at least a halfway secure SSH setup.

    I don't really care. If my data were worth cracking RSA, I would not trust a 3rd party in the first place.

  • joepie91 Member, Patron Provider

    jarland said: That's the kind of if/else scenario that I would suggest upsets and confuses customers.

    This if/else scenario isn't created by the panel. It's inherent in the distro. All you're doing is making the behaviour consistent between distro and panel, you're not adding any new if/else cases.

    Again, I don't see the problem.
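
The per-distro check discussed in this thread could look like the following on the panel side. This is an added example, not code from any poster or from a real control panel; the template names and the OpenSSH versions listed for them are a constructed sample inventory that a provider would replace with its own, and the only fixed fact used is that Ed25519 keys need OpenSSH 6.5 or later.

```python
import base64
import struct

# Ed25519 user keys need OpenSSH 6.5 or later; ssh-rsa works on every template below.
MIN_OPENSSH = {"ssh-rsa": (0, 0), "ssh-ed25519": (6, 5)}
# Constructed sample inventory (assumption): OpenSSH version in each OS template.
TEMPLATE_OPENSSH = {"centos-6": (5, 3), "debian-7": (6, 0), "ubuntu-16.04": (7, 2)}


def read_string(blob, offset):
    """Read one uint32-length-prefixed string from an SSH key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def check_key_for_template(pubkey_line, template):
    """Return (accepted, reason) for a pasted public key and a chosen template."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] not in MIN_OPENSSH:
        return False, "unrecognised key type or format"
    key_type = parts[0]
    try:
        blob = base64.b64decode(parts[1], validate=True)
        inner_type, offset = read_string(blob, 0)
        if key_type == "ssh-ed25519":
            public, offset = read_string(blob, offset)
            if len(public) != 32 or offset != len(blob):
                raise ValueError("bad Ed25519 key length")
    except (ValueError, struct.error):
        return False, "key data is malformed"
    if inner_type != key_type.encode():
        return False, "key type label does not match key data"
    if template not in TEMPLATE_OPENSSH:
        return False, "unknown template"
    if TEMPLATE_OPENSSH[template] < MIN_OPENSSH[key_type]:
        return False, f"{template} ships an OpenSSH too old for {key_type}; use ssh-rsa"
    return True, "ok"


def sample_ed25519_line():
    """Constructed sample: well-formed line with placeholder key bytes, not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " user@example"


if __name__ == "__main__":
    for template in TEMPLATE_OPENSSH:
        print(template, check_key_for_template(sample_ed25519_line(), template))
```

Rejecting the key at submission time with a reason that names the template gives the customer the same answer the distro's sshd would give, before a support ticket is opened.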
