On Mon, Dec 15, 2014 at 12:49:40PM +, Safar, Stefan wrote:
>Version: all
The version is relevant - you can't just say "all". What version did
you encounter this bug in?
>During installation (or maybe the first startup, i’m not sure), the
>openssh-server generates 1024bit DSA keys.
As far as I can tell, no, it doesn't. In a fresh unstable chroot:
# apt install openssh-server
[...]
Setting up openssh-server (1:8.0p1-6) ...
Creating config file /etc/ssh/sshd_config with new version
Creating SSH2 RSA key; this may take some time ...
3072 SHA256:CTOaHgFdYim5rV+9TsQNjcxXnghR4n0R7MQT0VkxClY root@niejwein (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:yxBciZ3liGRuAIlZl0r06z0q4PWZJoQNd9/4yMwm/10 root@niejwein (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:uAi+rvto2sRR7+OIM9tP5RWqVW1/M1elBv0Rchnw4Js root@niejwein (ED25519)
[...]
# ls -l /etc/ssh
total 596
-rw-r--r-- 1 root root 577325 Aug 28 10:53 moduli
-rw-r--r-- 1 root root 1565 Aug 28 10:53 ssh_config
-rw--- 1 root root505 Sep 10 14:59 ssh_host_ecdsa_key
-rw-r--r-- 1 root root175 Sep 10 14:59 ssh_host_ecdsa_key.pub
-rw--- 1 root root399 Sep 10 14:59 ssh_host_ed25519_key
-rw-r--r-- 1 root root 95 Sep 10 14:59 ssh_host_ed25519_key.pub
-rw--- 1 root root 2602 Sep 10 14:59 ssh_host_rsa_key
-rw-r--r-- 1 root root567 Sep 10 14:59 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 3250 Aug 28 10:53 sshd_config
The packaging will only generate a DSA host key if you have a HostKey
line in /etc/ssh/sshd_config which explicitly requires it; there is no
such line in the default configuration.
>This bug is somehow related to
>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481133 , but it’s not a
>duplicate.
However, I think it likely is a duplicate of #823827, which was fixed in
1:7.2p2-6 (before stretch). This is why it's relevant which version you
encountered this bug in and whether you have any local customisations,
because if it's a more recent version than that then we need to
investigate further.
Regards,
--
Colin Watson [cjwat...@debian.org]