Bugzilla – Attachment 2930 Details for
Bug 2662
Does it still make sense to use DSA host keys by default?
[patch]
Remove ssh_host_dsa_key from HostKey default
0001-Remove-ssh_host_dsa_key-from-HostKey-default.patch (text/plain), 2.38 KB, created by
Colin Watson
on 2017-01-17 01:47:01 AEDT
>From ded1766eed8ce0a9474ccd7177fb1906b6df7df8 Mon Sep 17 00:00:00 2001 >From: Colin Watson <cjwatson@debian.org> >Date: Mon, 16 Jan 2017 13:53:04 +0000 >Subject: [PATCH] Remove ssh_host_dsa_key from HostKey default > >The client no longer accepts DSA host keys, and servers using the >default HostKey setting should have better host keys available. >--- > servconf.c | 2 -- > sshd.8 | 7 +++---- > sshd_config | 1 - > sshd_config.5 | 7 +++---- > 4 files changed, 6 insertions(+), 11 deletions(-) > >diff --git a/servconf.c b/servconf.c >index 795ddba..210038f 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -201,8 +201,6 @@ fill_default_server_options(ServerOptions *options) > /* fill default hostkeys for protocols */ > options->host_key_files[options->num_host_key_files++] = > _PATH_HOST_RSA_KEY_FILE; >- options->host_key_files[options->num_host_key_files++] = >- _PATH_HOST_DSA_KEY_FILE; > #ifdef OPENSSL_HAS_ECC > options->host_key_files[options->num_host_key_files++] = > _PATH_HOST_ECDSA_KEY_FILE; >diff --git a/sshd.8 b/sshd.8 >index 41fc505..90b237b 100644 >--- a/sshd.8 >+++ b/sshd.8 >@@ -164,11 +164,10 @@ This option must be given if > is not run as root (as the normal > host key files are normally not readable by anyone but root). > The default is >-.Pa /etc/ssh/ssh_host_dsa_key , >-.Pa /etc/ssh/ssh_host_ecdsa_key , >-.Pa /etc/ssh/ssh_host_ed25519_key >+.Pa /etc/ssh/ssh_host_rsa_key , >+.Pa /etc/ssh/ssh_host_ecdsa_key > and >-.Pa /etc/ssh/ssh_host_rsa_key . >+.Pa /etc/ssh/ssh_host_ed25519_key . > It is possible to have multiple host key files for > the different host key algorithms. > .It Fl i >diff --git a/sshd_config b/sshd_config >index 9f09e4a..4cb94a0 100644 >--- a/sshd_config >+++ b/sshd_config >@@ -16,7 +16,6 @@ > #ListenAddress :: > > #HostKey /etc/ssh/ssh_host_rsa_key >-#HostKey /etc/ssh/ssh_host_dsa_key > #HostKey /etc/ssh/ssh_host_ecdsa_key > #HostKey /etc/ssh/ssh_host_ed25519_key > >diff --git a/sshd_config.5 b/sshd_config.5 >index 32b29d2..cd6ecb1 100644 
>--- a/sshd_config.5 >+++ b/sshd_config.5 >@@ -697,11 +697,10 @@ is not to load any certificates. > Specifies a file containing a private host key > used by SSH. > The defaults are >-.Pa /etc/ssh/ssh_host_dsa_key , >-.Pa /etc/ssh/ssh_host_ecdsa_key , >-.Pa /etc/ssh/ssh_host_ed25519_key >+.Pa /etc/ssh/ssh_host_rsa_key , >+.Pa /etc/ssh/ssh_host_ecdsa_key > and >-.Pa /etc/ssh/ssh_host_rsa_key . >+.Pa /etc/ssh/ssh_host_ed25519_key . > .Pp > Note that > .Xr sshd 8 >-- >2.7.4 >
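Review bot: in the servconf.c hunk (fill_default_server_options), dropping the _PATH_HOST_DSA_KEY_FILE entry is silent for a server that relies on the default HostKey list and has only a DSA key on disk. The commit message says such servers "should have better host keys available", but nothing in the change checks or reports the case where they do not. Suggest a release-note entry, or a log message when the DSA key file exists but is no longer loaded by default, so the operator knows to generate a newer key or add an explicit HostKey line.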
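Review bot: in the sshd.8 hunk, the list of default paths is reordered as well as shortened (ssh_host_rsa_key moves from last to first, ssh_host_ed25519_key moves to last), which the commit message does not mention. The new order puts RSA before ECDSA as servconf.c does, so it is worth keeping, but say so in the message so the diff does not read as an unrelated rewrite. The wording also still differs between the two man pages ("The default is" here, "The defaults are" in sshd_config.5); since both sentences are being touched, consider making them match.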
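Review bot: in the sshd_config.5 hunk, the HostKey entry removes ssh_host_dsa_key from the defaults without telling the reader what to do with an existing DSA key. If a DSA host key can still be loaded through an explicit HostKey line, add a sentence saying so next to the defaults list, and note the reason given in the commit message (the client no longer accepts DSA host keys) so administrators understand why the default changed.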