tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Keys generated by "/etc/rc.d/sshd"

On Wed, May 28, 2008 at 09:36:57AM -0400, Greg Troxel wrote:
> > Maybe keep it, but just not do it by default ?
> How about if
> sshd_generate_v1keys
> is yes, then it makes v1 keys, and it defaults to no, or isn't in
> defaults/rc.conf at all?

Why do we need a configuration setting? Creating a host key is a one-time
operation. So the question is whether the user can be asked to run this
command manually ...

/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''

... or whether we should provide a better interface to do that. And
that interface should IMHO be something like "/etc/rc.d/sshd keygen-v1".

        Kind regards

Matthias Scheler                        

Home | Main Index | Thread Index | Old Index