On Fri 2017-09-15 18:00:27 -0400, Daniel Kahn Gillmor wrote: > (c) I'm more reluctant about shipping openssh-server enabled by > default, for the same sort of forensics concerns i have in (a).
one more concern, actually, is ssh host key generation. I want to make
sure that the debirf image doesn't have a secret key shipped in it.
i think the right thing is to auto-generate an ed25519 key at service
start time if it doesn't already exist, but i'm not sure the best way to
make that happen.
--dkg
signature.asc
Description: PGP signature
