Re: ssh via inetd the Debian way
On Tue, Apr 25, 2006 at 02:02:03PM -0700, Steve Lamb wrote:
> Uh, does this seem right? I recall sshd generating the key when it is
> first installed and don't recall the key changing every reboot which is when
> sshd would shutdown/startup like it would from inetd. :/
It generates the host-specific keys at install time, but the v1 ssh
protocol requires a second, smaller RSA key to be generated that's not used
for more than an hour, whereas the v2 protocol uses Diffie-Hellman. See the
man page:
    SSH protocol version 1
        Each host has a host-specific RSA key (normally 2048 bits) used
        to identify the host. Additionally, when the daemon starts, it
        generates a server RSA key (normally 768 bits). This key is
        normally regenerated every hour if it has been used, and is
        never stored on disk.

    SSH protocol version 2
        Version 2 works similarly: Each host has a host-specific key
        (RSA or DSA) used to identify the host. However, when the
        daemon starts, it does not generate a server key. Forward
        security is provided through a Diffie-Hellman key agreement.
        This key agreement results in a shared session key.
With inetd, sshd is invoked for each connection, so with the v1 protocol
it must generate a new RSA key for each connection. This does not apply
to the v2 protocol, however.
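A check for the situation described in this thread, added here as an example and not part of the original message: it reads an sshd_config with sshd's first-occurrence-wins rule and an inetd.conf entry, and reports whether protocol 1 is still offered while sshd is spawned per connection (the case that costs a fresh server key each time). Protocol and ServerKeyBits are OpenSSH's own keywords; the "2,1" default when Protocol is unset is an assumption about OpenSSH of that era, and the sample configs are constructed.

```python
import re

# Assumption: OpenSSH of that era defaulted to "Protocol 2,1" when unset.
DEFAULT_PROTOCOL = "2,1"
DEFAULT_SERVER_KEY_BITS = 768  # the v1 server key size quoted from the man page

def parse_sshd_config(text):
    # Lower-cased keyword -> value; the first occurrence of a keyword wins,
    # as in sshd. '#' lines are comments; "key=value" spelling is accepted.
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(parts[0].lower(), value)
    return settings

def enabled_protocols(settings):
    # Protocol versions sshd will offer, e.g. {1, 2}.
    value = settings.get("protocol", DEFAULT_PROTOCOL)
    return {int(v) for v in re.split(r"[,\s]+", value) if v}

def inetd_spawns_sshd(inetd_conf):
    # True if an active inetd.conf entry runs sshd in inetd mode (-i).
    for raw in inetd_conf.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if "-i" in fields and any(f.endswith("sshd") for f in fields):
            return True
    return False

def assess(sshd_config, inetd_conf):
    # Does every connection pay for a fresh v1 server key?
    settings = parse_sshd_config(sshd_config)
    v1 = 1 in enabled_protocols(settings)
    via_inetd = inetd_spawns_sshd(inetd_conf)
    bits = int(settings.get("serverkeybits", DEFAULT_SERVER_KEY_BITS))
    return {"protocol1_enabled": v1, "via_inetd": via_inetd,
            "server_key_bits": bits,
            "server_key_per_connection": v1 and via_inetd}

# Constructed samples (not from a real host); the second Protocol line is ignored.
SAMPLE_SSHD_CONFIG = "Protocol 2,1\nServerKeyBits 768\nProtocol 2\n"
SAMPLE_INETD_CONF = "# ssh via inetd, wrapped by tcpd\nssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i\n"
```

Setting "Protocol 2" in sshd_config removes the per-connection key generation entirely, which is what the reply above says about the v2 protocol.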