Package: openssh-server Version: 1:8.2p1-4 Severity: wishlist
The private host keys in /etc/ssh are (usually) unencrypted and easy to steal, e.g. using docker (not shown here). Would it be possible to add some code to postinst to make use of the tpm to create and store the private ssh keys, if the hardware can be found? See also the simple-tpm-pk11 package, for example https://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly.html Regards Harri