Ancoron Luciferis created KARAF-3621:
----------------------------------------

             Summary: Ship a more secure host key for SSH by default
                 Key: KARAF-3621
                 URL: https://issues.apache.org/jira/browse/KARAF-3621
             Project: Karaf
          Issue Type: Improvement
          Components: karaf-shell
    Affects Versions: 3.0.3
            Reporter: Ancoron Luciferis


By default, the Karaf SSH server generates a new 1024-bit DSA host key.

As we've learned from the crypto specialists in the past few years, this is no 
longer seen as being a reasonably secure key pair generation algorithm.

At the time of this writing, a reasonably secure key pair would be generated 
using RSA with a size of 4096 bits.

References:
* http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
* http://meyering.net/nuke-your-DSA-keys/
* https://stribika.github.io/2015/01/04/secure-secure-shell.html




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
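
A check for the condition reported above, as an added example that is not part of the original issue or of Karaf's code: it parses `ssh-keyscan`-style lines (`host keytype base64`) and flags DSA host keys and RSA host keys below 4096 bits, the size the report names. The host name and key integers are constructed samples, and the helper names are hypothetical.

```python
import base64
import struct

def _read_string(buf, off):
    """Read one RFC 4251 string: uint32 length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def host_key_info(line):
    """Return (key type, size in bits) for one 'host keytype base64' line."""
    _host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if name.decode("ascii") != keytype:
        raise ValueError("key type label does not match key blob")
    first, off = _read_string(blob, off)      # ssh-dss: p, ssh-rsa: e
    if keytype == "ssh-dss":
        return keytype, int.from_bytes(first, "big").bit_length()
    if keytype == "ssh-rsa":
        modulus, _ = _read_string(blob, off)  # n follows e
        return keytype, int.from_bytes(modulus, "big").bit_length()
    return keytype, None                      # other types are not sized here

def audit(line, min_rsa_bits=4096):
    """Classify a host key; the 4096-bit floor is taken from the report."""
    keytype, bits = host_key_info(line)
    if keytype == "ssh-dss":
        return f"FAIL {keytype} {bits}-bit (DSA host key)"
    if keytype == "ssh-rsa":
        verdict = "OK" if bits >= min_rsa_bits else "FAIL"
        return f"{verdict} {keytype} {bits}-bit"
    return f"SKIP {keytype} (not evaluated)"

def _sample_line(keytype, *ints):
    """Build a constructed keyscan line; the integers are NOT real key material."""
    blob = struct.pack(">I", len(keytype)) + keytype.encode()
    for v in ints:
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # mpint, kept positive
        blob += struct.pack(">I", len(raw)) + raw
    return f"karaf.example.test {keytype} {base64.b64encode(blob).decode()}"

# Constructed samples with the right field layout and bit lengths only.
DSA_1024 = _sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
RSA_4096 = _sample_line("ssh-rsa", 65537, (1 << 4095) | 1)

if __name__ == "__main__":
    for sample in (DSA_1024, RSA_4096):
        print(audit(sample))
```
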
