Bug#711716: openssh-server: generated config file differs from reality
Package: openssh-server
Version: 1:6.0p1-4
Severity: normal
Tags: patch
Dear Maintainer,
I found that the sshd_config file generated from postinst says that
the server key size should be 768 bits. Fortunately, the rest of
the postinst doesn't care and proceeds to generate an RSA key with
2048 bits (the recommended size). I suggest that the generated config
file also states that the key size be 2048 bits instead of 768.
Please see the attached patch.
Kind regards,
--Toni++
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.49
ii dpkg 1.16.10
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libgssapi-krb5-2 1.10.1+dfsg-5
ii libkrb5-3 1.10.1+dfsg-5
ii libpam-modules 1.1.3-7.1
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libssl1.0.0 1.0.1e-2
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian8
ii openssh-client 1:6.0p1-4
ii procps 1:3.3.3-3
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages openssh-server recommends:
ii ncurses-term 5.9-10
ii openssh-blacklist 0.4.1+nmu1
ii openssh-blacklist-extra 0.4.1+nmu1
ii xauth 1:1.0.7-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
ii ssh-askpass 1:1.2.4.1-9
pn ufw <none>
-- Configuration Files:
/etc/default/ssh changed [not included]
-- debconf information excluded
--- postinst.orig 2013-06-06 19:00:54.000000000 +0200
+++ postinst 2013-06-09 00:08:39.947029748 +0200
@@ -167,7 +167,7 @@
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 2048
# Logging
SyslogFacility AUTH
Reply to: