I think this should be done to improve security, especially in light of
the new key rotation feature coming in the next version:
http://blog.djm.net.au/2015/02/key-rotation-in-openssh-68.html
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Hi Charles,
On 09/26/2014 01:03 AM, Charles Peters II wrote:
# ssh-keygen -A
ssh-keygen: generating new host keys: RSA1 ED25519
I don't think we want to add the old RSA1 keys, just the new ED25519.
The old RSA1 keys won't be used unless you reference it in sshd_config
so there should be no
# ssh-keygen -A
ssh-keygen: generating new host keys: RSA1 ED25519
I don't think we want to add the old RSA1 keys, just the new ED25519.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssh (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
@cjwatson, IMHO running ssh-keygen -A and the accompanying restorecon
if applicable should be done unconditionally in postinst.
This way, the admin would be free to simply add the newer HostKey
directives they want to use in sshd_config. More details about this
suggestion in LP: #1005440 and LP:
This key is now generated by default on Finnix that use .deb packages
too (see launchpad bug #1314965). this could help as an exemple for
adding it.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
I don't think it's possible to write a prompt about this that ordinary
mortals will understand, and I'm not sure I'm comfortable with
generating new host keys by default. I'd rather just leave this the way
it is.
--
You received this bug notification because you are a member of Ubuntu
Server
** Changed in: openssh (Ubuntu)
Importance: Undecided = Medium
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1300133
Title:
Generate ED25519 host keys on upgrade
To manage