[
https://issues.apache.org/jira/browse/KARAF-7807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17896264#comment-17896264
]
Jean-Baptiste Onofré commented on KARAF-7807:
---------------------------------------------
You are mixing two Karaf sshd configurations:
* {{algorithm}} is the OpenSSH algorithm
* you also have the {{sigAlgorithms}} containing
{{ssh-rsa,rsa-sha2-256,rsa-sha2-512,[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521}}
by default
So, you can change the {{sigAlgorithms}} configuration (in
{{etc/org.apache.karaf.shell.cfg}}) removing {{ssh-rsa}}.
Do you mean to change the OpenSSH algorithm as well?
> Howto disable use of ssh-rsa in integrated Mina SSHD
> ----------------------------------------------------
>
> Key: KARAF-7807
> URL: https://issues.apache.org/jira/browse/KARAF-7807
> Project: Karaf
> Issue Type: Task
> Components: karaf
> Affects Versions: 4.4.3
> Reporter: Volker Voßkämper
> Assignee: Jean-Baptiste Onofré
> Priority: Major
> Labels: security
>
> In OpenSSH you can disable ssh-rsa and use only rsa-sha2-256 and rsa-sha2-512
> by using
> in /etc/ssh/sshd_config:
> {code:java}
> HostKeyAlgorithms rsa-sha2-256,rsa-sha2-512
> {code}
> but the Karaf docs [https://karaf.apache.org/manual/latest/remote]
> only have this option:
> {code:java}
> #
> # Self defined key size in 1024, 2048, 3072, or 4096
> # If not set, this defaults to 2048.
> #
> # keySize = 2048
> #
> # Specify host key algorithm, defaults to RSA
> #
> # algorithm = RSA
> {code}
> How to remove ssh-rsa, which means an ssh session using a SHA1 hash to check the
> key?
> This is a security issue.
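An added example, not part of the original Jira message or the Karaf project: a shell check that reads {{sigAlgorithms}} from a Karaf shell config and prints the value with ssh-rsa removed. The function names and the sample file are constructed for illustration, and the script assumes single-line "key = value" properties.

```shell
#!/bin/sh
# Added example: audit sigAlgorithms in a Karaf shell config file.
# Assumption: single-line "key = value" properties, no backslash continuations.

# Print the active (uncommented) sigAlgorithms value; return 1 if unset or empty.
get_sig_algorithms() {
    value=$(sed -n 's/^[[:space:]]*sigAlgorithms[[:space:]]*[=:][[:space:]]*//p' "$1" | tail -n 1)
    [ -n "$value" ] || return 1
    printf '%s' "$value" | tr -d '[:space:]'
}

# Drop the exact entry "ssh-rsa" from a comma-separated list, keeping order.
# Exact matching matters: rsa-sha2-256 and rsa-sha2-512 must survive.
strip_ssh_rsa() {
    printf '%s' "$1" | tr ',' '\n' | grep -v -x 'ssh-rsa' | paste -s -d, -
}

# Report "unset", "ok", or "weak" followed by the corrected property line.
# "unset" means the default list applies, which per the comment above
# contains ssh-rsa, so the property has to be set explicitly.
audit_cfg() {
    if ! current=$(get_sig_algorithms "$1"); then
        echo "unset"
        return 0
    fi
    case ",$current," in
        *,ssh-rsa,*) echo "weak sigAlgorithms = $(strip_ssh_rsa "$current")" ;;
        *)           echo "ok" ;;
    esac
}

# Constructed sample config, not taken from a real deployment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sigAlgorithms = rsa-sha2-512
sigAlgorithms = ssh-rsa,rsa-sha2-256,rsa-sha2-512,ecdsa-sha2-nistp256
EOF
audit_cfg "$sample"
rm -f "$sample"
```

Point audit_cfg at etc/org.apache.karaf.shell.cfg to check a real instance. After applying the corrected line and restarting, an OpenSSH client started with -o HostKeyAlgorithms=ssh-rsa should no longer be able to negotiate a host key with the Karaf SSH port.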