default sshd host keys

[Taylor R Campbell <campbell+netbsd-tech-security%mumble.net@localhost>]

(I am not subscribed to these lists, so please cc me in replies.)

If you enable sshd on stock NetBSD 6.0_RC1, then by default on boot
you will get an RSA host key with a 1024-bit modulus, a DSA host key
with 1024/160-bit parameters, and an ECDSA host key from the nistp521
curve.  All this is decided by the defaults specified in
/etc/rc.d/sshd and /etc/defaults/rc.conf.

But these days, 1024-bit RSA moduli and 1024/160-bit DSA parameters
are much too small for comfort[1].  ssh-keygen itself will generate
2048-bit RSA moduli by default, and the only reason that we end up
with 1024-bit RSA moduli is that we set

   ssh_keygen_flags="-b 1024"

in /etc/defaults/rc.conf.  I would like at least to replace this by

   ssh_keygen_flags=""

so that we get the defaults in ssh-keygen without our having to update
/etc/defaults/rc.conf every time the default key sizes are updated in
ssh-keygen.  Objections?



Going a little further, we could use `ssh-keygen -A' to generate all
the keys, instead of the script in /etc/rc.d/sshd.  However, that's a
bigger change, and I am also nervous about using 1024/160-bit DSA
parameters, which are much too small these days; or even using (EC)DSA
at all, because it requires an entropy source not only for key
generation but also to make signatures.  So if we make any bigger
change, I'd like to discuss using only RSA keys with >=2048-bit moduli
by default.

[1] See, e.g., <http://www.keylength.com/>.