Package: openssh-server
Version: 1:6.0p1-4
Severity: normal
Tags: patch

Dear Maintainer,

I found that the sshd_config file generated from postinst says that the server key size should be 768 bits. Fortunately, the rest of the postinst doesn't care and proceeds to generate an RSA key with 2048 bits (the recommended size). I suggest that the generated config file also states that the key size be 2048 bits instead of 768. Please see the attached patch.

Kind regards,
--Toni++

-- System Information:
Debian Release: 7.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.10
ii  libc6                  2.13-38
ii  libcomerr2             1.42.5-1.1
ii  libgssapi-krb5-2       1.10.1+dfsg-5
ii  libkrb5-3              1.10.1+dfsg-5
ii  libpam-modules         1.1.3-7.1
ii  libpam-runtime         1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-2
ii  libwrap0               7.6.q-24
ii  lsb-base               4.1+Debian8
ii  openssh-client         1:6.0p1-4
ii  procps                 1:3.3.3-3
ii  zlib1g                 1:1.2.7.dfsg-13

Versions of packages openssh-server recommends:
ii  ncurses-term             5.9-10
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  xauth                    1:1.0.7-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
ii  ssh-askpass   1:1.2.4.1-9
pn  ufw           <none>

-- Configuration Files:
/etc/default/ssh changed [not included]

-- debconf information excluded
--- postinst.orig 2013-06-06 19:00:54.000000000 +0200 +++ postinst 2013-06-09 00:08:39.947029748 +0200 @@ -167,7 +167,7 @@ # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 -ServerKeyBits 768 +ServerKeyBits 2048 # Logging SyslogFacility AUTH
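Review bot: The context comment directly above the changed line ("Lifetime and size of ephemeral version 1 server key") shows that ServerKeyBits sizes the ephemeral protocol version 1 server key, which is a different key from the 2048-bit RSA key the report compares it to, so the changelog entry should justify the new value in those terms rather than as matching the generated key. The change also touches only the template that postinst writes for a newly generated sshd_config; a system that already has the file keeps "ServerKeyBits 768", and the patch should say whether those installations are meant to be left as they are or handled on upgrade.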