I currently only have an ecdsa host key and would like to keep it that way. This patch would give me a dsa key too which I don't want.

On Fri, Aug 23, 2013 at 7:28 PM, Eelco Dolstra <[email protected]> wrote:
> Hi,
>
> On 23/08/13 18:05, Peter Simons wrote:
>
>> I am in favor of changing the default key type to something stronger
>> than 1024 bit DSA for newly generated keys.
>>
>> I do not want any of my existing keys re-generated or replaced, though.
>>
>> Can the change in NixOS be made in such a way that accomplishes this?
>
> We can just generate an ECDSA key in addition to the DSA key, which is in fact
> what upstream's "make host-key" does. I suggest we apply the attached patch
> that does that. It's completely backwards compatible in that it will generate
> an ECDSA host key on systems that don't have one, while clients that have the
> DSA key in their known_hosts will continue to use that. (It also drops the
> configurability of the host key type since that doesn't support having multiple
> host keys.)
>
> --
> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
>
> _______________________________________________
> nix-dev mailing list
> [email protected]
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
