
Bug#738593: openssh-server: changelog mis-description, ... upgrades create ed25519 host keys as well



On Tue, Feb 11, 2014 at 01:26:29AM +0100, Christoph Anton Mitterer wrote:
> As far as I'd understand the changelog entry
>   * Generate ED25519 host keys on fresh installations.  Upgraders who wish
>     to add such host keys should manually add 'HostKey
>     /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
>     'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
> for 1:6.5p1-1...
> 
> ED25519 are not created on package upgrades but only fresh installations.

Oops, right.  I'll retroactively correct the changelog.  (You still need
to add the HostKey entry manually on upgrades.)

> This does not seem to be the case (I'm generally unsure whether I like
> the idea of automatically created keys... since this may also happen in
> low entropy situations)...

Well, that's why I prefer to do this in the postinst rather than at boot
time as some other distributions do, as I think it's much more likely
that sufficient entropy will be available when installing packages.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
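
Added example, not part of the original message or of the Debian package: a shell check for an upgraded system that reports which of the two manual steps named in the quoted changelog entry are still pending. The function name `ed25519_upgrade_status` and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Illustrative check (hypothetical helper, not from the openssh-server package).
# Usage: ed25519_upgrade_status [sshd_config] [private_key_path]
# Return codes (chosen for this example):
#   0 = HostKey line present and key pair exists
#   1 = HostKey line missing
#   2 = key pair missing
#   3 = both missing
ed25519_upgrade_status() {
    config=${1:-/etc/ssh/sshd_config}
    key=${2:-/etc/ssh/ssh_host_ed25519_key}
    status=0

    # sshd_config keywords are case-insensitive, arguments are not.
    # Commented-out lines must not count as an active directive.
    if ! awk -v want="$key" '
            /^[ \t]*#/ { next }
            tolower($1) == "hostkey" && $2 == want { found = 1 }
            END { exit found ? 0 : 1 }
         ' "$config" 2>/dev/null
    then
        echo "pending: add 'HostKey $key' to $config"
        status=$((status + 1))
    fi

    # A usable host key needs both the private and the public half, non-empty.
    if [ ! -s "$key" ] || [ ! -s "$key.pub" ]; then
        echo "pending: ssh-keygen -q -f $key -N \"\" -t ed25519"
        status=$((status + 2))
    fi

    return "$status"
}
```

Call it with no arguments to inspect the default paths, or pass a config file and key path to check a staged copy before restarting sshd.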

