Package: openssh-server
Version: 1:6.2p2-3
Severity: wishlist

Hi.

With respect to the creation of SSH server keys in postinst, may I suggest the following:

- not create ssh1 keys at all... actually I've never seen them auto-created, but code seems to be there
  This is mainly for security reasons... if someone really wants ssh1, he should manually create the keys.

- specify bit sizes
  Also for security reasons, use the highest bit sizes possible for the respective algorithm... it should have basically no performance impact, and if someone really thinks he wants a weaker key, he can still manually create it.
  That is:
  rsa2: -b 4096
  dsa: -b 1024
  ecdsa: -b 521 (no typo)

- use the FQDN as comment
  I always found it handy to have the full hostname on the server keys as comment, i.e. -C "$(hostname -f)" without username, as e.g. root@$(hostname -f) would be the personal key of the user root.

Cheers,
Chris.
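
An added example, not part of the original report or of Debian's postinst script: a shell audit that checks `ssh-keygen -l` fingerprint lines against the key sizes, comment style and ssh1 exclusion suggested above. The verdict names, the FQDN heuristic and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the report or from Debian's postinst).
# Audits `ssh-keygen -l -f <key>.pub` style lines:
#   <bits> <fingerprint> <comment> (<TYPE>)

# Bit size the report suggests for each key type; 0 = type not covered.
wanted_bits() {
    case "$1" in
        RSA) echo 4096 ;;
        DSA) echo 1024 ;;
        ECDSA) echo 521 ;;
        *) echo 0 ;;
    esac
}

# check_line LINE: print one verdict for a fingerprint line.
check_line() {
    line=$1
    bits=${line%% *}                      # first field
    type=${line##*\(}; type=${type%\)}    # text inside the trailing "(...)"
    rest=${line#* }; rest=${rest#* }      # drop bits and fingerprint fields
    comment=${rest% \(*}                  # drop the trailing " (TYPE)"
    case "$rest" in "("*) comment= ;; esac   # line carried no comment
    case "$bits" in ''|*[!0-9]*) echo unparsed; return 0 ;; esac
    if [ "$type" = RSA1 ]; then echo ssh1-key; return 0; fi
    want=$(wanted_bits "$type")
    if [ "$want" -eq 0 ]; then echo type-not-covered; return 0; fi
    if [ "$bits" -lt "$want" ]; then echo weak-bits; return 0; fi
    # Heuristic (assumption): an FQDN comment has a dot and no "user@" part.
    case "$comment" in
        *@*|'') echo comment-not-fqdn ;;
        *.*) echo ok ;;
        *) echo comment-not-fqdn ;;
    esac
}

# audit: read fingerprint lines on stdin, print "verdict<TAB>line".
audit() {
    while IFS= read -r l; do
        printf '%s\t%s\n' "$(check_line "$l")" "$l"
    done
}

# Constructed sample input (fingerprints are placeholders, not real keys).
audit <<'EOF'
4096 SHA256:PLACEHOLDER1 host.example.org (RSA)
2048 SHA256:PLACEHOLDER2 root@host (RSA)
521 SHA256:PLACEHOLDER3 host.example.org (ECDSA)
1024 SHA256:PLACEHOLDER4 host.example.org (RSA1)
EOF
```

On a real host, the input can come from running `ssh-keygen -l -f` over each public host key file and piping the lines into `audit`.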