Bug#738593: openssh-server: changelog mis-description, ... upgrades create ed25519 host keys as well
On Tue, Feb 11, 2014 at 01:26:29AM +0100, Christoph Anton Mitterer wrote:
> As far as I'd understand the changelog entry
> * Generate ED25519 host keys on fresh installations. Upgraders who wish
> to add such host keys should manually add 'HostKey
> /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
> 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
> for 1:6.5p1-1...
>
> ED25519 are not created on package upgrades but only fresh installations.

Oops, right. I'll retroactively correct the changelog. (You still need
to add the HostKey entry manually on upgrades.)

> This does not seem to be the case (I'm generally unsure whether I like
> the idea of automatically created keys... since this may also happen in
> low entropy situations)...

Well, that's why I prefer to do this in the postinst rather than at boot
time as some other distributions do, as I think it's much more likely
that sufficient entropy will be available when installing packages.

Cheers,
--
Colin Watson [cjwatson@debian.org]
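
The manual upgrade steps from the changelog entry quoted above, written so they can be rerun safely; this is an added example, not part of the original message or of the Debian packaging. The function names are hypothetical, and inserting the line ahead of the first Match block is this example's choice, made because sshd does not accept HostKey inside a Match block.

```shell
#!/bin/sh
# Added example: idempotent form of the changelog's manual upgrade steps.
# Function names are hypothetical; default paths are the ones in the changelog.

# Return 0 if config $1 has an active (uncommented) HostKey line for path $2.
has_hostkey() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        tolower($1) == "hostkey" {              # keywords are case-insensitive
            gsub(/"/, "", $2)
            if ($2 == key) found = 1
        }
        END { exit !found }
    ' "$1"
}

# Insert "HostKey $2" into config $1 before the first Match block (HostKey is
# not valid inside Match), or at the end of the file if there is no Match.
add_hostkey() {
    tmp=$(mktemp) || return 1
    awk -v line="HostKey $2" '
        !done && tolower($1) == "match" { print line; done = 1 }
        { print }
        END { if (!done) print line }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"    # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

ensure_ed25519_hostkey() {
    config=${1:-/etc/ssh/sshd_config}
    key=${2:-/etc/ssh/ssh_host_ed25519_key}
    # Generate the key only if it is missing; never overwrite a host key.
    if [ ! -f "$key" ]; then
        ssh-keygen -q -f "$key" -N "" -t ed25519 || return 1
    fi
    # Add the HostKey line only if absent, so reruns do not duplicate it.
    if ! has_hostkey "$config" "$key"; then
        add_hostkey "$config" "$key"
    fi
}

# Usage (as root): ensure_ed25519_hostkey
```

Running `sshd -t` afterwards checks the edited configuration before the daemon is reloaded.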