Other key types for Teleport clients

[dsseng]

Feature Request

As I've seen now by using Teleport and in the code, it doesn't support other key types than RSA. I think Ed25519 should be supported, since it's a more modern, fast and secure type of signing algorithm.

Motivation

New algorithms for SSH auth are supported by OpenSSH and Dropbear, why not to support them in Teleport?

Who's it for?

OSS User, Pro, Enterprise

[lsascha]

This is especially importand now when using openssh nodes that use openssh 8.2 since they do no longer support ssh_rsa by default
and you get the following error in the openssh server log:

userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]

[awly]

@lsascha OpenSSH complains about the signing algorithm (using SHA1 vs SHA2 hash) there, which is slightly different.
Teleport 4.3 adds support for SHA2-based RSA signing algorithms to fix this, see Upgrade Notes in https://github.com/gravitational/teleport/releases/tag/v4.3.0

But yes, configurable key types would be nice-to-have. We just need time and people to do the work.
There are some technical wrinkles to iron out (e.g. FIPS requirements), but it's totally doable.

[strideynet]

Closing in favour of #28392