Switch in April 2024 Patch: Default SSH Algorithm Now Uses ECDSA
Zyxel_Claudia
Posts: 164 
Zyxel Employee
Zyxel Employee
in Other Topics
As part of our continued commitment to improving network security and compatibility, Zyxel Networks has updated the default SSH algorithm used by its switches. Starting with the latest firmware updates, the default SSH algorithm has been changed to ECDSA (Elliptic Curve Digital Signature Algorithm).
Why the Change?
The decision to switch from SSH-RSA to ECDSA is driven by evolving industry standards and tool compatibility:
- OpenSSH 8.0 and newer versions have begun deprecating support for SSH-RSA by default.
- As a result, systems using updated versions of OpenSSH may fail to connect to Zyxel switches that still default to SSH-RSA.
- To prevent connection issues and ensure seamless access, Zyxel has adopted ECDSA as the new default algorithm.
What Is ECDSA?
ECDSA is a modern cryptographic algorithm that:
- Offers stronger security with shorter key lengths.
- Provides faster performance during connection handshakes.
- Is widely supported by current SSH clients, including OpenSSH, PuTTY, and TeraTerm.
Summary
This update ensures that Zyxel switches remain secure, modern, and fully compatible with today's widely used SSH clients and platforms. We recommend all users keep their firmware up to date to benefit from this and other critical security improvements.
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 168 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 368 USG FLEX H Series
- 294 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.7K Consumer Product
- 265 Service & License
- 409 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight