[ https://issues.apache.org/jira/browse/KARAF-3621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Freeman Fang resolved KARAF-3621.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 4.0.0.M3
                   3.0.4

apply patch on behalf of Ancoron Luciferis with thanks
http://git-wip-us.apache.org/repos/asf/karaf/commit/025c45f6
for karaf-3.0.x branch
also merge on master
http://git-wip-us.apache.org/repos/asf/karaf/commit/4d9551fd

> Generate a more secure host key for SSH by default
> --------------------------------------------------
>
>                 Key: KARAF-3621
>                 URL: https://issues.apache.org/jira/browse/KARAF-3621
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-shell
>    Affects Versions: 3.0.3
>            Reporter: Ancoron Luciferis
>            Assignee: Freeman Fang
>              Labels: security
>             Fix For: 3.0.4, 4.0.0.M3
>
>         Attachments: karaf-3.0.x-Default-to-a-more-secure-SSH-host-key-configuration.patch
>
>
> By default, the Karaf SSH server generates a new 1024-bit DSA host key.
> As we've learned from the crypto specialists in the past few years, this is
> no longer seen as being a reasonably secure key pair generation algorithm.
> At the time of this writing, a reasonably secure key pair would be generated
> using RSA with a size of 4096 bits.
> References:
> * http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
> * http://meyering.net/nuke-your-DSA-keys/
> * https://stribika.github.io/2015/01/04/secure-secure-shell.html

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
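An added example, not part of the issue or of Karaf's code: a small audit that parses an SSH public host key line (the `type base64` form used in `known_hosts` files) and reports whether it is the 1024-bit DSA kind described above or an RSA key of sufficient size. The function names are hypothetical, the 4096-bit default threshold is an assumption taken from the figure in the issue text, and the sample keys are constructed placeholders rather than real keys.

```python
import base64
import struct

def _read_string(blob, off):
    """Read one RFC 4253 string (uint32 length + bytes); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if off + 4 + n > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_host_key(line, min_rsa_bits=4096):
    """Classify a 'type base64 [comment]' public key line as (type, bits, verdict)."""
    label, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    raw_type, off = _read_string(blob, 0)
    ktype = raw_type.decode("ascii")
    if ktype != label:
        raise ValueError("key type label does not match the encoded blob")
    if ktype == "ssh-dss":                      # blob fields: p, q, g, y
        p, off = _read_string(blob, off)
        return ktype, int.from_bytes(p, "big").bit_length(), "weak: DSA host key"
    if ktype == "ssh-rsa":                      # blob fields: e, n
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
        if bits < min_rsa_bits:                 # threshold is a policy assumption
            return ktype, bits, "weak: RSA modulus below %d bits" % min_rsa_bits
        return ktype, bits, "ok"
    return ktype, None, "unchecked: key type not covered by this example"

# --- Constructed sample input: well-formed blobs with placeholder integers, not real keys ---
def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading byte keeps it positive
    return struct.pack(">I", len(raw)) + raw

def _sample_line(ktype, *ints):
    body = struct.pack(">I", len(ktype)) + ktype.encode("ascii")
    body += b"".join(_mpint(i) for i in ints)
    return "%s %s constructed-sample" % (ktype, base64.b64encode(body).decode("ascii"))

DSA_1024 = _sample_line("ssh-dss", (1 << 1023) | 1, (1 << 159) | 1, 2, 3)
RSA_1024 = _sample_line("ssh-rsa", 65537, (1 << 1023) | 1)
RSA_4096 = _sample_line("ssh-rsa", 65537, (1 << 4095) | 1)

if __name__ == "__main__":
    for sample in (DSA_1024, RSA_1024, RSA_4096):
        print(audit_host_key(sample))
```
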