[ https://issues.apache.org/jira/browse/SSHD-1150?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309327#comment-17309327 ]

Stefan Mueller commented on SSHD-1150:
--------------------------------------

I attached an example file. It is nothing special. Multiple keys like a key 
chain in a single file. Also multiple files would be okay too.

Some servers I found supporting it (but did not test until now) - I copied the 
part where they mention how to store multiple hostkeys:

(1)

The WinSCP Client has a guide for *OpenSSH on Windows 10*.
[https://winscp.net/eng/docs/guide_windows_openssh_server]

The Windows server uses multiple files:
[https://docs.microsoft.com/de-de/windows-server/administration/openssh/openssh_server_configuration]

HostKey
The defaults are %programdata%/ssh/ssh_host_ecdsa_key, 
%programdata%/ssh/ssh_host_ed25519_key, %programdata%/ssh/ssh_host_dsa_key, and 
%programdata%/ssh/ssh_host_rsa_key. If the defaults are not present, sshd 
automatically generates these on a service start.

(2)

Multiple keys in single file in *ProFTPD*:
[http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPAuthorizedHostKeys]
The configured file may contain several public keys in RFC4716 format, in no 
particular order.

(3)

Multiple files in *OpenBSD*:
[https://man.openbsd.org/sshd_config.5]
Specifies a file containing a private host key used by SSH. The defaults are 
/etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and 
/etc/ssh/ssh_host_rsa_key.

> Multiple hostkeys in single PEM
> -------------------------------
>
>                 Key: SSHD-1150
>                 URL: https://issues.apache.org/jira/browse/SSHD-1150
>             Project: MINA SSHD
>          Issue Type: Improvement
>            Reporter: Stefan Mueller
>            Priority: Major
>         Attachments: hostkeys.txt
>
>
> I would like to use different hostkeys with different algorithms in a single 
> PEM hostkey file. Some SFTP servers support this.
> Also the generator (like BouncyCastleGeneratorHostKeyProvider) could create a 
> key for multiple algorithms.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
