[Bug 1300133] [NEW] Generate ED25519 host keys on upgrade

Charles Peters II cp at LinuxTech.com
Mon Mar 31 10:16:30 UTC 2014 

Public bug reported:

openssh (1:6.5p1-1) unstable; urgency=medium
  ...
  * Generate ED25519 host keys on fresh installations.  Upgraders who wish
    to add such host keys should manually add 'HostKey
    /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
    'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
   ...
-- Colin Watson <cjwatson at debian.org>  Mon, 10 Feb 2014 14:58:26 +0000

Most users and many administrators are not going to notice the new host
key capabilities when it is buried in a changelog.  We should at least
give them a obvious hint about it.

Even better would be to prompt the user to generate the keys with a
debconf question like was recently done with the "Change to
"PermitRootLogin without-password"".

I would like to label this as a security vulnerability, but that may be
a bit over the top, it would be a security improvement!

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1300133

Title:
  Generate ED25519 host keys on upgrade

Status in “openssh” package in Ubuntu:
  New

Bug description:
  openssh (1:6.5p1-1) unstable; urgency=medium
    ...
    * Generate ED25519 host keys on fresh installations.  Upgraders who wish
      to add such host keys should manually add 'HostKey
      /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
      'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
     ...
  -- Colin Watson <cjwatson at debian.org>  Mon, 10 Feb 2014 14:58:26 +0000

  Most users and many administrators are not going to notice the new
  host key capabilities when it is buried in a changelog.  We should at
  least give them a obvious hint about it.

  Even better would be to prompt the user to generate the keys with a
  debconf question like was recently done with the "Change to
  "PermitRootLogin without-password"".

  I would like to label this as a security vulnerability, but that may
  be a bit over the top, it would be a security improvement!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1300133/+subscriptions

More information about the foundations-bugs mailing list