Re: Need a tutorial

To: debian-user@lists.debian.org
Subject: Re: Need a tutorial
From: Gene Heskett <gheskett@shentel.net>
Date: Thu, 22 Sep 2016 12:16:04 -0400
Message-id: <[🔎] 201609221216.04291.gheskett@shentel.net>
In-reply-to: <[🔎] d341caaa-8dd4-9f62-c3a7-66b523601c97@gmail.com>
References: <[🔎] 201609211018.55216.gheskett@shentel.net> <[🔎] 201609220709.53518.gheskett@shentel.net> <[🔎] d341caaa-8dd4-9f62-c3a7-66b523601c97@gmail.com>

On Thursday 22 September 2016 08:06:34 Lars Noodén wrote:

> On 09/22/2016 02:09 PM, Gene Heskett wrote:
> > On Thursday 22 September 2016 03:44:28 Lars Noodén wrote:
>
> ...
>
> >> As far as the key choices go, DSA is considered deprecated, at
> >> least in the more recent versions:
> >>
> >> 	"Support for ssh-dss, ssh-dss-cert-* host and user keys
> >> 	will be run-time disabled by default"
> >> 	 - http://www.openssh.com/txt/release-6.9
> >>
> >> So that leaves RSA if you have old versions of the OpenSSH server
> >> to deal with.  Probably 2048 bits or more is good for a while.
> >> Otherwise, consider Ed25519.
> >
> > This I am not familiar with. Is there an explanatory url?
>
> Well, it was officially turned off in 7.0, just like warned above:
>
> http://www.openssh.com/txt/release-7.0
>
> and there was a bit of discussion around the net like this one:
>
> http://meyering.net/nuke-your-DSA-keys/
>
> But as far as explanations go, that's like the others I've seen to
> phase out any remaining DSA use due to weaknesses.  The articles I've
> seen are either cryptographer level (and thus beyond me) or very
> generic, but the there are multiple problems with DSA at this point.
>
> Ed25519 claims these benefits:
>
> https://ed25519.cr.yp.to/
>
> OpenSSH 6.5 or later will support it.  Wheezy had 6.0 (but 6.6 is in
> the backports), and Jessia has 6.7, and Stretch is getting 7.3.  The
> release notes for 6.5 just mention that it is "better" for security
> and performance.

And I am on wheezy yet, because it Just Works, so I have 6.6p1-4bpo70+1, 
presumably with a bunch of patches.  So there is no way to easily 
determine what patches have been applied. I don't see a ChangeLog in any 
of those packages. 30 lashes with a wet noodle on whoever made the call 
to leave out the ChangeLog's.  Sigh...

> Regards,
> Lars


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

Follow-Ups:
- Re: Need a tutorial
  - From: davidson@freevolt.org

References:
- Need a tutorial
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Need a tutorial
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Need a tutorial
  - From: Lars Noodén <lars.nooden@gmail.com>

Prev by Date: Re: Need a tutorial
Next by Date: Re: Need a tutorial
Previous by thread: Re: Need a tutorial
Next by thread: Re: Need a tutorial
Index(es):
- Date
- Thread