tech-security archive


Re: Keys generated by "/etc/rc.d/sshd"



On Wed, May 28, 2008 at 09:36:57AM -0400, Greg Troxel wrote:
> > Maybe keep it, but just not do it by default ?
> 
> How about if
> 
> sshd_generate_v1keys
> 
> is yes, then it makes v1 keys, and it defaults to no, or isn't in
> defaults/rc.conf at all?

Why do we need a configuration setting? Creating a host key is a one-time
operation. So the question is whether the user can be asked to run this
command manually ...

/usr/bin/ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key -N ''

... or whether we should provide a better interface to do that. And
that interface should IMHO be something like "/etc/rc.d/sshd keygen-v1".

        Kind regards

-- 
Matthias Scheler                                  http://zhadum.org.uk/

