Just how weak are they, and why? Am 23.08.2013 14:02 schrieb <[email protected]>:
> I has been brought to our attention that the host keys created by the > default > SSH daemon configuration are too weak. > > Fix: > > If you don't care about compatibility with old and broken software: > services.openssh.hostKeyType = "ecdsa521"; > > Otherwise: > services.openssh.hostKeyType = "rsa3072"; > > Attempts to log into the host will cause SSH to complain about the key > change. > If you had anything that relies on passwordless logins, it will break. > > I have added a check for weak keys to sshd startup script: > f8a6fa774e4e0e31c1bfdbd73bffd2d2dfa2e5d2 > > I'll wait a couple of days and then change the hostKeyType default. Or > maybe > it should be done sooner? > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev >
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
