What's the difference between id_rsa.pub and id_dsa.pub?

Encryption, Ssh, Rsa, Public Key-Encryption, Dsa

Encryption Problem Overview


Is one more secure than the other?

Encryption Solutions


Solution 1 - Encryption

id_rsa.pub and id_dsa.pub are the public keys for id_rsa and id_dsa.

If you are asking in relation to SSH, id_rsa is an RSA key and can be used with the SSH protocol 1 or 2, whereas id_dsa is a DSA key and can only be used with SSH protocol 2. Both are very secure, but DSA does seem to be the standard these days (assuming all your clients/servers support SSH 2).

Update: Since this was written DSA has been shown to be insecure. More information available in the answer below.

Solution 2 - Encryption

SSH uses public/private key pairs, so id_rsa is your [RSA](https://en.wikipedia.org/wiki/RSA_%28cryptosystem%29 "Rivest, Shamir, and Adleman cryptosystem") private key (based on prime numbers), which is more secure than your id_dsa [DSA](https://en.wikipedia.org/wiki/Digital_Signature_Algorithm "Digital Signature Algorithm") private key (based on exponents). Keep your private keys safe and share your id_rsa.pub and id_dsa.pub public keys broadly.

DSA is insecure

DSA has a guessable parameter if your computer's random number generator is sub par, which will reveal your secret key. [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm "Elliptic Curve Digital Signature Algorithm") (DSA's elliptical curve upgrade) is similarly vulnerable. Even with good random numbers, DSA has [other strength concerns](https://www.nccgroup.com/globalassets/newsroom/us/news/documents/2013/ritter_samuel_stamos_bh_2013_cryptopocalypse.pdf "Black Hat USA 2013 - The Factoring Dead: Preparing for the Cryptopocalypse (slides)")/[YouTube](https://www.youtube.com/watch?v=33RbRid1deo "Black Hat USA 2013 - The Factoring Dead: Preparing for the Cryptopocalypse (YouTube)") (these are [also found in Diffie-Hellman](https://weakdh.org/ "Weak Diffie-Hellman and the Logjam Attack")).

OpenSSH creates insecure 1024 bit keys ([workaround](https://digitalelf.net/2014/02/using-2048-bit-dsa-keys-with-openssh/ "Use OpenSSL to create 2048 & 3072 bit DSA keys for OpenSSH")) and now [disables DSA by default](http://www.openssh.com/legacy.html "“OpenSSH 7.0 and greater similarly disables the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use.”").

Use Ed25519 when possible

Elliptic curve cryptography offers increased complexity with smaller key sizes. Ed25519 (based on the complexity of plane-modeled elliptical curves) is the preferred implementation due to its assumed lack of meddling (leaked documents show that the US [NSA weakens crypto standards](http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html "“(TS//SI) The fact that NSA/CSS makes cryptographic modifications to commercial or indigenous cryptographic information security devices or systems in order to make them exploitable.”")).

Unfortunately, Ed25519 is still rather new, requiring [OpenSSH 6.5](http://www.openssh.org/txt/release-6.5 "released 2014-01-29, available in Red Hat 7.1") or [GnuPG 2.1](https://www.gnupg.org/faq/whats-new-in-2.1.html "released 2014-11-06, available in Red Hat 7.0") (see the full list).

Use RSA with 4096 bits when Ed25519 is unavailable

RSA key sizes of 4096 bits should have comparable complexity to Ed25519.

Ed25519 is still preferred to RSA due to a worry that RSA may be vulnerable to the same strength concerns as DSA, though applying that exploit to RSA is expected to be considerably harder.
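Added example (not part of the original answers, and not OpenSSH code): a small Python audit that reads `id_*.pub` / `authorized_keys` lines, parses the key blob, and applies the guidance above (replace DSA, hold RSA to 4096 bits, prefer Ed25519). The `min_rsa_bits` threshold, the verdict strings, the helper names and the sample keys are assumptions constructed for the demo.

```python
import base64
import struct

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields (RFC 4253)."""
    fields, pos = [], 0
    while pos < len(blob):
        if len(blob) - pos < 4:
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, pos)
        pos += 4 + size
        if pos > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos - size:pos])
    return fields

def audit_pubkey(line, min_rsa_bits=4096):
    """Return (key_type, bits, verdict) for one public key line."""
    label, b64 = line.split()[:2]
    fields = read_fields(base64.b64decode(b64, validate=True))
    if not fields or fields[0] != label.encode():
        raise ValueError("type label does not match key blob")
    if label == "ssh-dss" and len(fields) == 5:            # p, q, g, y
        return label, int.from_bytes(fields[1], "big").bit_length(), "replace: DSA"
    if label == "ssh-rsa" and len(fields) == 3:            # e, n
        bits = int.from_bytes(fields[2], "big").bit_length()
        return label, bits, "ok" if bits >= min_rsa_bits else "replace: short RSA"
    if label == "ssh-ed25519" and len(fields) == 2 and len(fields[1]) == 32:
        return label, 256, "preferred"
    return label, None, "review manually"  # ECDSA, certificates, malformed blobs

def mpint(x):
    """Encode a positive integer as an SSH mpint (leading zero if top bit set)."""
    return x.to_bytes(x.bit_length() // 8 + 1, "big")

def make_line(kind, *fields):
    """Build a constructed, non-functional public key line for the demo."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (kind.encode(), *fields))
    return f"{kind} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples: the numbers have the right sizes but are not real keys.
SAMPLES = [
    make_line("ssh-dss", mpint((1 << 1023) | 1), mpint((1 << 159) | 1), mpint(2), mpint(3)),
    make_line("ssh-rsa", mpint(65537), mpint((1 << 2047) | 1)),
    make_line("ssh-rsa", mpint(65537), mpint((1 << 4095) | 1)),
    make_line("ssh-ed25519", bytes(32)),
]

if __name__ == "__main__":
    print(*map(audit_pubkey, SAMPLES), sep="\n")
```

The verdict covers key type and size only; whether an RSA key is used with the SHA-1 `ssh-rsa` signature or with `rsa-sha2-256/512` is negotiated per connection and is not visible in the key file.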

Solution 3 - Encryption

> rsa is considered more secure.

Not anymore (May 2020, ten years later), with OpenSSH 8.2, as reported by Julio:

> ## Future deprecation notice

> It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K.
For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

(See "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust" Leurent, G and Peyrin, T (2020) )

> This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

> The better alternatives include:

> * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512.
These algorithms have the advantage of using the same key type as "ssh-rsa", but use the safe SHA-2 hash algorithms.
These have been supported since OpenSSH 7.2 and are already used by default if the client and server support them.

> * The ssh-ed25519 signature algorithm.
It has been supported in OpenSSH since release 6.5.

> * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521.
These have been supported by OpenSSH since release 5.7.

> To check whether a server is using the weak ssh-rsa public key algorithm for host authentication, try to connect to it after removing the ssh-rsa algorithm from ssh(1)'s allowed list:

>     ssh -oHostKeyAlgorithms=-ssh-rsa user@host

> If the host key verification fails and no other supported host key types are available, the server software on that host should be upgraded.

> A future release of OpenSSH will enable UpdateHostKeys by default to allow the client to automatically migrate to better algorithms.
Users may consider enabling this option manually.

Solution 4 - Encryption

Yes, rsa is considered more secure.

In October 2014, OpenSSH 7 (the default with Ubuntu 16.04 LTS) disabled default support for DSA. Take this as a strong sign that DSA is not a recommended method anymore.

https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html

Solution 5 - Encryption

One uses DSA and one uses RSA.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
| --- | --- | --- |
| Question | Andrew | View Question on Stackoverflow |
| Solution 1 - Encryption | Mike Pelley | View Answer on Stackoverflow |
| Solution 2 - Encryption | Adam Katz | View Answer on Stackoverflow |
| Solution 3 - Encryption | VonC | View Answer on Stackoverflow |
| Solution 4 - Encryption | RogerS | View Answer on Stackoverflow |
| Solution 5 - Encryption | Yann Ramin | View Answer on Stackoverflow |