[Bug 1300133] Re: Generate ED25519 host keys on upgrade
I think this should be done to improve security, especially in light of the new key rotation feature coming in the next version:
http://blog.djm.net.au/2015/02/key-rotation-in-openssh-68.html

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1300133

Title:
  Generate ED25519 host keys on upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300133/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1300133] Re: Generate ED25519 host keys on upgrade
Hi Charles,

On 09/26/2014 01:03 AM, Charles Peters II wrote:
> # ssh-keygen -A
> ssh-keygen: generating new host keys: RSA1 ED25519
>
> I don't think we want to add the old RSA1 keys, just the new ED25519.

The old RSA1 keys won't be used unless you reference them in sshd_config, so there should be no harm.

Simon
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
# ssh-keygen -A
ssh-keygen: generating new host keys: RSA1 ED25519

I don't think we want to add the old RSA1 keys, just the new ED25519.
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: openssh (Ubuntu)
       Status: New => Confirmed
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
@cjwatson, IMHO running ssh-keygen -A and the accompanying restorecon if applicable should be done unconditionally in postinst. This way, the admin would be free to simply add the newer HostKey directives they want to use in sshd_config.

More details about this suggestion in LP: #1005440 and LP: #1370523
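An added example, not part of the thread and not code from the openssh package: a shell sketch of the two checks discussed here, creating only the ED25519 host key when it is absent (so no RSA1 key appears, unlike `ssh-keygen -A`) and listing key files that no HostKey directive references. The function names are hypothetical, and it assumes sshd_config lists its host keys explicitly in the whitespace-separated `HostKey /path` form.

```shell
# Added example. Paths are passed in so the functions can be tried on a
# scratch directory; on a real system they would be /etc/ssh and
# /etc/ssh/sshd_config.

# Print the paths named by HostKey directives. The keyword is matched
# case-insensitively; commented-out and blank lines are ignored.
configured_hostkeys() {
    awk 'tolower($1) == "hostkey" && NF >= 2 { print $2 }' "$1"
}

# Create the ED25519 host key only if it is absent. Existing keys of any
# type are left untouched and no other key type is generated.
# Prints "present" or "generated".
ensure_ed25519_hostkey() {
    key="$1/ssh_host_ed25519_key"
    if [ -s "$key" ]; then
        echo present
        return 0
    fi
    ssh-keygen -q -t ed25519 -N '' -f "$key" || return 1
    echo generated
}

# List private host key files in the directory that no HostKey directive
# references (assumption: the config names its host keys explicitly, so an
# unlisted key is one sshd is not told to load).
unreferenced_hostkeys() {
    dir="$1"; conf="$2"
    for pub in "$dir"/ssh_host_*key.pub; do
        [ -e "$pub" ] || continue
        priv="${pub%.pub}"
        configured_hostkeys "$conf" | grep -qxF "$priv" || echo "$priv"
    done
}
```

The glob also matches `ssh_host_key.pub`, the RSA1 key file that `ssh-keygen -A` produced in the output quoted in this thread, so a stray RSA1 key shows up in the unreferenced list.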
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
This key is now generated by default on Finnix, which uses .deb packages too (see Launchpad bug #1314965). This could help as an example for adding it.
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
I don't think it's possible to write a prompt about this that ordinary mortals will understand, and I'm not sure I'm comfortable with generating new host keys by default. I'd rather just leave this the way it is.
[Bug 1300133] Re: Generate ED25519 host keys on upgrade
** Changed in: openssh (Ubuntu)
   Importance: Undecided => Medium