В письме от Пятница 23 августа 2013 20:36:26 пользователь Eelco Dolstra написал: > Hi, > > On 23/08/13 20:25, Mathijs Kwik wrote: > > I currently only have an ecdsa host key and would like to keep it that > > way. > > This patch would give me a dsa key too which I don't want. > > The ssh client prefers ECDSA host keys over DSA keys so I don't think this > is a big deal. But we could have an option to enable/disable generation of > DSA keys.
I'd keep the path to the host keys configurable, maybe bump key sizes a little. Otherwise, it should be fine. Unfortunately, the known hosts files can't be fixed and weaker keys will be used until users take action :( _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev