* Russ Allbery [Thu Apr 24, 2014 at 06:02:57PM -0700]: > md@Linux.IT (Marco d'Itri) writes: > > This is much simpler to implement in jessie, since openssh >= 6.4 > > supports ssh-keygen -A. Also, I am not sure if this should really be > > handled automatically by the init script. Nice, thanks for the hint regarding 'ssh-keygen -A'. I'm aware that it might not be always wanted to have it generated through the init script. We could support controlling its behaviour via /etc/default/ssh though. > If implemented, this should not be done if GSSAPIKeyExchange is enabled, > since in that case the lack of keys may be an intentional configuration > choice by the server administrator to force the use of Kerberos keys > instead of system-generated public keys. Good point, thanks for mentioning that, Russ. Colin, what's your take on this? I'd be willing to work on this if there's any chance to get it merged. regards, -mika-
Attachment:
signature.asc
Description: Digital signature