2048-bit highest possible?

Anonymous

This question is more theoretical than anything else.
First, I love copSSH. Together with Tunnelier, it is an awesome combination that makes me feel very secure. Thank you for copSSH!

When I connect to my copSSH box, I get the following:

Server version string: SSH-2.0-OpenSSH_4.7
New host key received. Algorithm: ssh-rsa, Size: 2048 bits, MD5 Fingerprint: 6d:3b:c9:97:8d:3e:64:5e:dc:4f:53:cb:75:48:1a:82, Bubble-Babble: xedib-rusos-zygah-zumak-covyf-darap-vevyc-dukum-gufak-helof-roxax.
First key exchange completed.
Key exchange: diffie-hellman-group14-sha1. Session encryption: blowfish-cbc, MAC: hmac-sha1, compression: zlib.
Attempting 'publickey' authentication. Using keypair at slot 1.
A passphrase has not been provided. Continuing with acceptance test only.
Authentication succeeded. The keypair has been accepted. Remaining authentication methods: 'none,publickey,password,keyboard-interactive'.
Attempting 'publickey' authentication. Using keypair at slot 1.
Authentication completed.

Apart from using AES-256 instead of Blowfish, am I connecting the strongest way possible? I use a 4096-bit ssh-rsa key during authentication and I am sure my diceword passphrase is secure.

I am not an expert by any means with encryption, so I guess what throws me is the 2048-bit hostkey. Could it be made 4096-bit? If so, how? Would that be really any "stronger" than what I have now?

Thanks.

itefix
Re: 2048-bit highest possible?

The default key length was increased to 2048-bit when OpenSSH 4.3 was released. This was done according to recommendations from the NESSIE project, which accepts 1536-bit as the minimum for medium-term security (5-10 years).

So, you should be fine with 2048-bit. However, you can use longer keys. Keep in mind that they require more processing time.
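
Added example (not part of the original thread, and not code from copSSH, Tunnelier or OpenSSH): a Python script that parses the negotiation lines quoted in the question and estimates the strength of each negotiated primitive, for the logged 2048-bit host key and for a 4096-bit one. The comparable-strength table from NIST SP 800-57 Part 1, the function names and the sample log are assumptions introduced here, not something the thread mentions.

```python
import re

# Comparable strengths (bits) for RSA / finite-field DH moduli, NIST SP 800-57 Part 1.
NIST_TABLE = [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)]
# MODP group sizes of the SSH key-exchange methods defined in RFC 4253.
KEX_MODULUS = {"diffie-hellman-group1-sha1": 1024, "diffie-hellman-group14-sha1": 2048}
# Cipher key lengths only; this ignores block size (64 bits for Blowfish).
CIPHER_KEY_BITS = {"blowfish-cbc": 128, "aes128-cbc": 128, "aes256-cbc": 256}

# Constructed sample in the format of the log quoted in the question
# (fingerprint fields left out).
SAMPLE_LOG = (
    "New host key received. Algorithm: ssh-rsa, Size: 2048 bits.\n"
    "Key exchange: diffie-hellman-group14-sha1. Session encryption: "
    "blowfish-cbc, MAC: hmac-sha1, compression: zlib.\n"
)

def modulus_strength(bits):
    """Round down to the nearest table row, so 4096 is counted as 3072."""
    return max((s for size, s in NIST_TABLE if bits >= size), default=0)

def assess(log, host_key_bits=None):
    """Estimate strength per primitive; host_key_bits overrides the logged size."""
    host = re.search(r"Algorithm: ssh-rsa, Size: (\d+) bits", log)
    neg = re.search(r"Key exchange: ([\w-]+)\. Session encryption: ([\w-]+),", log)
    if not host or not neg:
        raise ValueError("negotiation lines not found")
    kex, cipher = neg.groups()
    if kex not in KEX_MODULUS or cipher not in CIPHER_KEY_BITS:
        raise ValueError(f"no estimate for {kex} / {cipher}")
    return {
        "host_key": modulus_strength(host_key_bits or int(host.group(1))),
        "kex": modulus_strength(KEX_MODULUS[kex]),
        "cipher": CIPHER_KEY_BITS[cipher],
    }

def weakest(estimates):
    """Return (name, bits) of the lowest estimate; ties go to the first entry."""
    return min(estimates.items(), key=lambda kv: kv[1])

if __name__ == "__main__":
    for bits in (None, 4096):
        est = assess(SAMPLE_LOG, bits)
        print(bits or "as logged", est, "weakest:", weakest(est))
```

With a 4096-bit host key the lowest estimate is still the 2048-bit group14 key exchange, so the host key size alone does not raise the overall figure.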
