
Bug#1094246: openssh-server: postinst: please implement ssh-audit recommended keygen options



Hi Colin,

On 1/26/25 16:21, Colin Watson wrote:
> 3072-bit RSA seems like a fine default at the moment,
> and I expect that Debian will follow future changes made upstream.

while I fully agree and don't think that the Debian package should
divert from upstream here, as an admin I do use different defaults for
systems I maintain.

From a config management point of view, this is very cumbersome as the
postinst does re-create missing things/fall back to upstream defaults.

To make it nicer for admins to locally deviate from the defaults... how
about internal preseed option(s) not shown to the user to select
host-keys to be generated? Would you accept patches for this?

Regards,
Daniel

