
Bug#738593: openssh-server: changelog mis-description, ... upgrades create ed25519 host keys as well



On Tue, Feb 11, 2014 at 01:30:35PM +0100, Christoph Anton Mitterer wrote:
> On Tue, 2014-02-11 at 11:19 +0000, Colin Watson wrote:
> >   I'll retroactively correct the changelog.  (You still need
> > to add the HostKey entry manually on upgrades.)
> Actually I didn't understand that at all.. why do you need that? It
> seems to be that ssh looks per default at /etc/ssh/ssh_host_ed25519_key

Only if HostKey isn't specified at all, and we have long included
explicit HostKey directives in our stock sshd_config.

> AFAIU the 6.5 release notes, ED25519, should be used per default (when
> client/server both support it)... but it seems the case,... the default
> for HostKeyAlgorithms seems to still have ECDSA first, while
> KexAlgorithms prefers Curve25519 now...

That'd be something to bring up with upstream, I think.  I'm not an
expert on the serious crypto involved in OpenSSH.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
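
The rule in the message above (sshd falls back to its built-in host key paths only when sshd_config has no HostKey directive at all) can be checked on a config file as follows. This is an added example, not part of the original thread or of the Debian package; the function names `hostkey_status` and `write_samples` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether sshd will load a given host key. Built-in
# default key paths apply only when sshd_config has no HostKey directive.

# hostkey_status CONFIG [KEYFILE]   (hypothetical helper name)
# Prints one of: default | listed | missing
hostkey_status() {
    awk -v key="${2:-/etc/ssh/ssh_host_ed25519_key}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)            # keyword ends at blank or "="
            if (n == 0) next
            kw = tolower(substr(line, 1, n - 1)) # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (kw == "hostkey") {
                explicit = 1                     # defaults no longer apply
                if (val == key) listed = 1
            }
        }
        END { print (listed ? "listed" : (explicit ? "missing" : "default")) }
    ' "$1"
}

# Constructed sample configs, not taken from any real system.
write_samples() {
    printf '%s\n' '# stock-style config carried over an upgrade (constructed)' \
        'Port 22' \
        'HostKey /etc/ssh/ssh_host_rsa_key' \
        'HostKey /etc/ssh/ssh_host_dsa_key' \
        'HostKey /etc/ssh/ssh_host_ecdsa_key' > "$1/upgraded.conf"
    { cat "$1/upgraded.conf"
      echo 'hostkey /etc/ssh/ssh_host_ed25519_key'; } > "$1/fixed.conf"
    printf '%s\n' 'Port 22' '#HostKey /etc/ssh/ssh_host_rsa_key' > "$1/nohostkey.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in upgraded fixed nohostkey; do
    printf '%-10s %s\n' "$f" "$(hostkey_status "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

A result of `missing` is the upgrade case discussed in the thread: the ed25519 key file may exist on disk, but sshd will not offer it until a matching HostKey line is added. On a live system, `sshd -T` prints the effective configuration and is the authoritative check.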

