On Sun 26.1.2025 at 20.09 Colin Watson ([email protected]) wrote:
>
> On Sun, Jan 26, 2025 at 07:53:26PM +0200, Martin-Éric Racine wrote:
> > On Sun 26.1.2025 at 19.35 Daniel Baumann ([email protected]) wrote:
> > > On 1/26/25 16:21, Colin Watson wrote:
> > > > 3072-bit RSA seems like a fine default at the moment,
> > > > and I expect that Debian will follow future changes made upstream.
> > >
> > > while I fully agree and don't think that the debian package should
> > > divert from upstream here, as an admin I do use different defaults for
> > > systems I maintain.
> > >
> > > From a config management point of view, this is very cumbersome as the
> > > postinst do re-create missing things/fallback to upstream defaults.
> > >
> > > To make it nicer for admins to locally deviate from the defaults.. how
> > > about internal preseed option(s) not shown to the user to select
> > > host-keys to be generated? Would you accept patches for this?
>
> I'm wary of adding too much complexity there, but I'd at least consider
> such patches.
>
> > I have noticed this as well e.g. whenever Debian ships a new
> > openssh-server package, I've had to manually run the command shown on
> > the hardening guide to remove modulus below 3272-bit all over again.
>
> That's about DH moduli rather than host key sizes, right? That feels
> somewhat different, because we just ship upstream's moduli file as a
> conffile, so providing any debconf-style control over that would be very
> difficult to do in a policy-compliant way. (I'm also not sure what the
> compatibility implications are of dropping the smaller primes; I assume
> there must be some or upstream would probably have done it already ...)
openssh-server: /etc/ssh/moduli

In principle, this is in the /etc hierarchy, so it should be possible to treat it like a config and explicitly skip overwriting it with a debconf question, if we have modified the file such as by removing low primes.

> > For what it's worth, I fully agree with Colin that some of Joe Testa's
> > recommended hardening measures lack proper justification. Damien
> > Miller noticed the same thing, when I recently asked him to comment on
> > the recommendations.
>
> Are those comments somewhere public so that I can look at them?

No, I just directly e-mailed Damien asking him whether he agreed with the recommendations 'ssh-audit' makes. He wasn't aware of the existence of the tool or the hardening guide. His initial impression was that some recommendations are perplexing. For instance, he doesn't understand Joe's recommendation against ECDH kex being justified by "heavy suspicion in the community that it is backdoored by a 3-letter agency."

Martin-Éric
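The moduli-file step the thread keeps coming back to (re-running the hardening guide's filter after every openssh-server upgrade, and the question of whether /etc/ssh/moduli is handled as a conffile), as an added example that is not part of the thread and not Debian's or OpenSSH's own code: a POSIX shell script that filters a moduli file by DH group size with a parameterized function rather than a fixed one-liner, and a helper that asks dpkg whether a path is registered as a conffile of a package. The sample moduli lines, their placeholder hex values and the function names are constructed for the example; the field layout of moduli(5) and the dpkg-query `Conffiles` field are real.

```shell
#!/bin/sh
# Added example, not from the thread: filter an OpenSSH moduli file so that
# only DH groups of at least MIN_BITS bits remain, keeping comment lines.
#
# Field layout of /etc/ssh/moduli (moduli(5)):
#   time type tests trials size generator modulus
# The "size" column holds the prime length minus one: a 2048-bit group is
# listed as 2047, a 3072-bit group as 3071, a 4096-bit group as 4095.
# That is why the usual hardening filter is written as "$5 >= 3071".

set -eu

# filter_moduli FILE MIN_BITS
# Prints comment lines unchanged and data lines whose size column is at
# least MIN_BITS - 1; lines with fewer than seven fields are dropped as
# malformed rather than passed through.
filter_moduli() {
    awk -v min="$(( $2 - 1 ))" '
        /^#/ { print; next }
        NF < 7 { next }
        $5 + 0 >= min { print }
    ' "$1"
}

# count_groups FILE
# Number of data (non-comment, non-empty) lines in a moduli file.
count_groups() {
    grep -cv -e '^#' -e '^$' "$1" || true
}

# is_dpkg_conffile PACKAGE PATH
# Succeeds when dpkg lists PATH among PACKAGE's conffiles, i.e. when an
# upgrade will prompt (or keep the local version) instead of silently
# overwriting a locally modified file. Each Conffiles entry is
# " <path> <md5sum>", so the path is awk's first field.
is_dpkg_conffile() {
    dpkg-query --showformat='${Conffiles}\n' --show "$1" 2>/dev/null \
        | awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# Constructed sample file (hex moduli are placeholders, not real primes).
SAMPLE=$(mktemp)
SAFE=$(mktemp)
trap 'rm -f "$SAMPLE" "$SAFE"' EXIT
cat > "$SAMPLE" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20250101000000 2 6 100 2047 2 DEADBEEF
20250101000000 2 6 100 3071 2 C0FFEE00
20250101000000 2 6 100 4095 5 FEEDFACE
20250101000000 2 6 100 8191 2 0BADF00D
EOF

# Example run: keep only 3072-bit and larger groups.
filter_moduli "$SAMPLE" 3072 > "$SAFE"
echo "kept $(count_groups "$SAFE") of $(count_groups "$SAMPLE") groups"

# On a Debian host this reports whether the real file is a conffile; the
# check is skipped where dpkg is not present so the script runs anywhere.
if command -v dpkg-query >/dev/null 2>&1; then
    if is_dpkg_conffile openssh-server /etc/ssh/moduli; then
        echo "/etc/ssh/moduli is a dpkg conffile of openssh-server"
    else
        echo "/etc/ssh/moduli is not registered as a conffile here"
    fi
fi
```

Run on a real system the filtered output would be written to a temporary file and then moved over /etc/ssh/moduli only after `ssh-keygen -M screen` style checks, never in place while sshd is reading it; the conffile check explains the upgrade behaviour the thread describes, since dpkg only prompts about a modified conffile when the packaged version also changes.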

