Bug#738593: openssh-server: changelog mis-description, ... upgrades create ed25519 host keys as well
On Tue, Feb 11, 2014 at 01:30:35PM +0100, Christoph Anton Mitterer wrote:
> On Tue, 2014-02-11 at 11:19 +0000, Colin Watson wrote:
> > I'll retroactively correct the changelog. (You still need
> > to add the HostKey entry manually on upgrades.)
> Actually I didn't understand that at all.. why do you need that? It
> seems to me that ssh looks per default at /etc/ssh/ssh_host_ed25519_key
Only if HostKey isn't specified at all, and we have long included
explicit HostKey directives in our stock sshd_config.
> AFAIU the 6.5 release notes, ED25519, should be used per default (when
> client/server both support it)... but it seems the case,... the default
> for HostKeyAlgorithms seems to still have ECDSA first, while
> KexAlgorithms prefers Curve25519 now...
That'd be something to bring up with upstream, I think. I'm not an
expert on the serious crypto involved in OpenSSH.
Cheers,
--
Colin Watson [cjwatson@debian.org]
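
The HostKey behaviour discussed above can be checked on an upgraded system with a short script. This is an added example, not part of the original thread or of the Debian package; `hostkey_status` and `demo` are hypothetical names, and the sample configs are constructed.

```shell
#!/bin/sh
# Classify how an sshd_config treats one host key file. Per the thread,
# sshd's built-in default key paths apply only when no HostKey directive
# is present at all. Assumption: Include directives are not followed.

# hostkey_status CONFIG KEYPATH -> prints "default", "listed" or "missing"
hostkey_status() {
    awk -v want="$2" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # comment and blank lines do not start with a keyword
            if (!match(line, /^[A-Za-z]+/)) next
            key = tolower(substr(line, 1, RLENGTH))   # keywords ignore case
            arg = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", arg)           # whitespace or "="
            sub(/[ \t]+$/, "", arg)
            if (key == "hostkey") {
                explicit = 1
                if (arg == want) found = 1
            }
        }
        END {
            if (!explicit)  print "default"   # built-in key paths are used
            else if (found) print "listed"    # key is configured explicitly
            else            print "missing"   # key exists on disk but unused
        }' "$1"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: config carried over from before ed25519 support
    printf '%s\n' 'HostKey /etc/ssh/ssh_host_rsa_key' \
        'HostKey /etc/ssh/ssh_host_ecdsa_key' > "$tmp/upgraded"
    # Constructed sample: no active HostKey directive
    printf '%s\n' 'Port 22' '#HostKey /etc/ssh/ssh_host_rsa_key' > "$tmp/bare"
    for c in upgraded bare; do
        echo "$c: $(hostkey_status "$tmp/$c" /etc/ssh/ssh_host_ed25519_key)"
    done
    rm -rf "$tmp"
}
demo
```

A result of `missing` is the upgrade case described in the thread: the ed25519 key file has been generated, but sshd will not load it until a matching HostKey line is added.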