Bug#1094246: openssh-server: postinst: please implement ssh-audit recommended keygen options
On Sun, Jan 26, 2025 at 07:53:26PM +0200, Martin-Éric Racine wrote:
> On Sun 26.1.2025 at 19.35, Daniel Baumann (daniel@debian.org) wrote:
> > On 1/26/25 16:21, Colin Watson wrote:
> > > 3072-bit RSA seems like a fine default at the moment,
> > > and I expect that Debian will follow future changes made upstream.
> >
> > while I fully agree and don't think that the debian package should
> > divert from upstream here, as an admin I do use different defaults for
> > systems I maintain.
> >
> > From a config management point of view, this is very cumbersome as the
> > postinst does re-create missing things/fall back to upstream defaults.
> >
> > To make it nicer for admins to locally deviate from the defaults... how
> > about internal preseed option(s) not shown to the user to select
> > host-keys to be generated? Would you accept patches for this?

I'm wary of adding too much complexity there, but I'd at least consider
such patches.

> I have noticed this as well, e.g. whenever Debian ships a new
> openssh-server package, I've had to manually run the command shown on
> the hardening guide to remove moduli below 3272-bit all over again.

That's about DH moduli rather than host key sizes, right? That feels
somewhat different, because we just ship upstream's moduli file as a
conffile, so providing any debconf-style control over that would be very
difficult to do in a policy-compliant way. (I'm also not sure what the
compatibility implications are of dropping the smaller primes; I assume
there must be some or upstream would probably have done it already ...)

> For what it's worth, I fully agree with Colin that some of Joe Testa's
> recommended hardening measures lack proper justification. Damien
> Miller noticed the same thing, when I recently asked him to comment on
> the recommendations.

Are those comments somewhere public so that I can look at them?

Thanks,

--
Colin Watson (he/him) [cjwatson@debian.org]
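
For the DH moduli filtering discussed in this message, an added example (not part of the thread, the hardening guide or the Debian package) of an idempotent check that configuration management could re-run after each package upgrade. The function names, the 3071 threshold used in the demo and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. moduli(5) fields: time type tests tries size generator modulus.
# The size field is usually one below the nominal length (3071 for "3072-bit").

# Print how many DH groups in file $1 have a size field below $2.
count_small() {
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 + 0 < min { n++ } END { print n + 0 }' "$1"
}

# Print file $1 keeping comments and only the groups of at least $2 bits.
filter_moduli() {
    awk -v min="$2" '/^#/ || (NF >= 7 && $5 + 0 >= min)' "$1"
}

# Rewrite file $1 in place only when needed. Returns 0 if compliant afterwards,
# 2 if filtering would leave no groups at all (file is then left untouched).
harden_moduli() {
    file=$1; min=$2
    [ "$(count_small "$file" "$min")" -eq 0 ] && return 0
    tmp=$(mktemp) || return 1
    filter_moduli "$file" "$min" > "$tmp"
    if [ "$(grep -c -v '^#' "$tmp")" -eq 0 ]; then
        rm -f "$tmp"
        echo "refusing to write $file: no groups >= $min bits" >&2
        return 2
    fi
    # cat rather than mv, so owner and mode of the original file are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Constructed sample data (shortened fake moduli), not a real moduli file.
make_sample() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20250101000000 2 6 100 2047 2 C0FFEE01
20250101000001 2 6 100 3071 2 C0FFEE02
20250101000002 2 6 100 3071 5 C0FFEE03
20250101000003 2 6 100 4095 2 C0FFEE04
EOF
}

# Demo on a temporary copy; on a real host the path would be /etc/ssh/moduli.
demo=$(mktemp)
make_sample > "$demo"
echo "below 3071 before: $(count_small "$demo" 3071)"
harden_moduli "$demo" 3071
echo "below 3071 after:  $(count_small "$demo" 3071)"
rm -f "$demo"
```

A non-zero result from `count_small` after an upgrade indicates that the shipped conffile has replaced the locally filtered one.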