And more importantly, why has OpenSSH decided give the ECDSA algorithm first priority?
O ECDSA foi introduzido no openssh com a versão 5.7, você pode encontrar as Notas de versão aqui . Em particular, afirma-se:
Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.
.......
Certificate host and user keys using the new ECDSA key types are
supported - an ECDSA key may be certified, and an ECDSA key may act
as a CA to sign certificates.
ECDH in a 256 bit curve field is the preferred key agreement
algorithm when both the client and server support it. ECDSA host
keys are preferred when learning a host's keys for the first time,
or can be learned using ssh-keyscan(1).
Além disso, RFC 5656 afirma:
Many estimates consider that 2^80-2^90 operations are beyond
feasible, so that would suggest using elliptic curves of at least
160-180 bits. The REQUIRED curves in this document are 256-, 384-,
and 521-bit curves; implementations SHOULD NOT use curves smaller
than 160 bits