On Mon, Dec 15, 2014 at 12:49:40PM +0000, Safar, Stefan wrote:
> Version: all

The version is relevant - you can't just say "all".  What version did you
encounter this bug in?

> During installation (or maybe the first startup, i’m not sure), the
> openssh-server generates 1024bit DSA keys.

As far as I can tell, no, it doesn't.  In a fresh unstable chroot:

  # apt install openssh-server
  [...]
  Setting up openssh-server (1:8.0p1-6) ...

  Creating config file /etc/ssh/sshd_config with new version
  Creating SSH2 RSA key; this may take some time ...
  3072 SHA256:CTOaHgFdYim5rV+9TsQNjcxXnghR4n0R7MQT0VkxClY root@niejwein (RSA)
  Creating SSH2 ECDSA key; this may take some time ...
  256 SHA256:yxBciZ3liGRuAIlZl0r06z0q4PWZJoQNd9/4yMwm/10 root@niejwein (ECDSA)
  Creating SSH2 ED25519 key; this may take some time ...
  256 SHA256:uAi+rvto2sRR7+OIM9tP5RWqVW1/M1elBv0Rchnw4Js root@niejwein (ED25519)
  [...]
  # ls -l /etc/ssh
  total 596
  -rw-r--r-- 1 root root 577325 Aug 28 10:53 moduli
  -rw-r--r-- 1 root root   1565 Aug 28 10:53 ssh_config
  -rw------- 1 root root    505 Sep 10 14:59 ssh_host_ecdsa_key
  -rw-r--r-- 1 root root    175 Sep 10 14:59 ssh_host_ecdsa_key.pub
  -rw------- 1 root root    399 Sep 10 14:59 ssh_host_ed25519_key
  -rw-r--r-- 1 root root     95 Sep 10 14:59 ssh_host_ed25519_key.pub
  -rw------- 1 root root   2602 Sep 10 14:59 ssh_host_rsa_key
  -rw-r--r-- 1 root root    567 Sep 10 14:59 ssh_host_rsa_key.pub
  -rw-r--r-- 1 root root   3250 Aug 28 10:53 sshd_config

The packaging will only generate a DSA host key if you have a HostKey line
in /etc/ssh/sshd_config which explicitly requires it; there is no such line
in the default configuration.

> This bug is somehow related to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481133 , but it’s not a
> duplicate.

However, I think it likely is a duplicate of #823827, which was fixed in
1:7.2p2-6 (before stretch).  This is why it's relevant which version you
encountered this bug in and whether you have any local customisations,
because if it's a more recent version than that then we need to investigate
further.

Regards,

-- 
Colin Watson                                       [[email protected]]
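
Added example, not part of the message above and not the Debian packaging's own script: a shell check for the local customisation the reply asks about, namely an active HostKey line in an sshd_config that names a DSA key. It assumes DSA host keys use the conventional `*_dsa_key` file name; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# dsa_hostkeys CONFIG: print the path of every active HostKey directive
# whose file name ends in _dsa_key (naming convention is an assumption).
dsa_hostkeys() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out directives do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # sshd_config separates keyword and argument by whitespace or "="
            n = split(line, f, /[ \t=]+/)
            if (n < 2 || tolower(f[1]) != "hostkey") next
            path = f[2]
            gsub(/"/, "", path)              # arguments may be double-quoted
            if (path ~ /_dsa_key$/) print path
        }
    ' "$1"
}

# audit_hostkeys CONFIG: return 1 if any DSA HostKey directive is active.
audit_hostkeys() {
    found=$(dsa_hostkeys "$1")
    if [ -n "$found" ]; then
        printf 'DSA host key configured: %s\n' $found
        return 1
    fi
    echo "no active DSA HostKey directive in $1"
}

# Constructed sample: a locally customised config with an explicit DSA key.
custom=$(mktemp)
cat >"$custom" <<'EOF'
Port 22
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
hostkey "/etc/ssh/ssh_host_dsa_key"
EOF

# Constructed sample: a config with no active HostKey line at all.
stock=$(mktemp)
cat >"$stock" <<'EOF'
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin prohibit-password
EOF

audit_hostkeys "$custom" || true
audit_hostkeys "$stock"
```

On a real system, pass /etc/ssh/sshd_config as the argument and confirm the type and size of any reported key with `ssh-keygen -l -f` on its .pub file.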

