--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: generated config file differs from reality
- From: Toni Mueller <support@oeko.net>
- Date: Sun, 09 Jun 2013 00:12:08 +0200
- Message-id: <20130608221208.30444.32889.reportbug@spruce.wiehl.oeko.net>
Package: openssh-server
Version: 1:6.0p1-4
Severity: normal
Tags: patch
Dear Maintainer,
I found that the sshd_config file generated from postinst says that
the server key size should be 768 bits. Fortunately, the rest of
the postinst doesn't care and proceeds to generate an RSA key with
2048 bits (the recommended size). I suggest that the generated config
file also states that the key size be 2048 bits instead of 768.
Please see the attached patch.
Kind regards,
--Toni++
-- System Information:
Debian Release: 7.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.49
ii dpkg 1.16.10
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libgssapi-krb5-2 1.10.1+dfsg-5
ii libkrb5-3 1.10.1+dfsg-5
ii libpam-modules 1.1.3-7.1
ii libpam-runtime 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
ii libssl1.0.0 1.0.1e-2
ii libwrap0 7.6.q-24
ii lsb-base 4.1+Debian8
ii openssh-client 1:6.0p1-4
ii procps 1:3.3.3-3
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages openssh-server recommends:
ii ncurses-term 5.9-10
ii openssh-blacklist 0.4.1+nmu1
ii openssh-blacklist-extra 0.4.1+nmu1
ii xauth 1:1.0.7-1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
ii ssh-askpass 1:1.2.4.1-9
pn ufw <none>
-- Configuration Files:
/etc/default/ssh changed [not included]
-- debconf information excluded
--- postinst.orig 2013-06-06 19:00:54.000000000 +0200
+++ postinst 2013-06-09 00:08:39.947029748 +0200
@@ -167,7 +167,7 @@
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 2048
# Logging
SyslogFacility AUTH
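Review bot: The changed `ServerKeyBits` line sits directly under the comment "Lifetime and size of ephemeral version 1 server key", so the value it sets is the size of the protocol 1 ephemeral server key, not of the 2048-bit RSA key the report compares it with. The patch description should say so, so that the change is not read as correcting a host-key mismatch. The hunk also only edits the text that postinst writes into a generated sshd_config, and nothing in these lines touches a file that already contains `ServerKeyBits 768`, so please state whether existing configurations are meant to be migrated or left alone.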
--- End Message ---
--- Begin Message ---
- To: 711716-done@bugs.debian.org
- Subject: Re: Bug#711716: openssh-server: generated config file differs from reality
- From: Colin Watson <cjwatson@debian.org>
- Date: Mon, 26 Dec 2016 00:42:30 +0000
- Message-id: <20161226004230.GA23885@riva.ucam.org>
- In-reply-to: <20130608221208.30444.32889.reportbug@spruce.wiehl.oeko.net>
- References: <20130608221208.30444.32889.reportbug@spruce.wiehl.oeko.net>
Source: openssh
Source-Version: 1:6.4p1-2
[Previously not sent to -done by mistake.]
On Sun, Jun 09, 2013 at 12:12:08AM +0200, Toni Mueller wrote:
> I found that the sshd_config file generated from postinst says that
> the server key size should be 768 bits. Fortunately, the rest of
> the postinst doesn't care and proceeds to generate an RSA key with
> 2048 bits (the recommended size). I suggest that the generated config
> file also states that the key size be 2048 bits instead of 768.
I updated this somewhat in 1:6.4p1-2 (to 1024), and it's now moot since
protocol 1 support has been disabled (in 7.0p1) and removed (in 7.4p1)
from the server.
Thanks,
--
Colin Watson [cjwatson@debian.org]
--- End Message ---