Package: openssh-server Version: 1:9.9p1-3 Severity: important X-Debbugs-Cc: martin-eric.rac...@iki.fi
In its postinst, openssh-server currently generates host keys with upstream defaults. While there's nothing inherently wrong with that, a more proactive approach to strong cryptography might be desirable. The homepage of the auditing tool 'ssh-audit' suggests [1] using the following keygen recipes instead: ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N "" ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" The key difference with upstream defaults (and openssh-server postinst) and the above is the enforcement of 4096-bit RSA keys. It would be extremely desirable for Debian to implement this out of the box. Thanks! Martin-Éric [1] https://www.sshaudit.com/hardening_guides.html#debian_12 -- System Information: Debian Release: trixie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (x86_64) Kernel: Linux 6.1.0-30-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-server depends on: ii adduser 3.137 ii debconf [debconf-2.0] 1.5.89 ii init-system-helpers 1.68 ii libaudit1 1:4.0.2-2+b1 ii libc6 2.40-6 ii libcom-err2 1.47.2-1 ii libcrypt1 1:4.4.38-1 ii libgssapi-krb5-2 1.21.3-4 ii libkrb5-3 1.21.3-4 ii libpam-modules 1.5.3-7+b1 ii libpam-runtime 1.5.3-7 ii libpam0g 1.5.3-7+b1 ii libselinux1 3.7-3+b1 ii libssl3t64 3.4.0-2 pn libwrap0 <none> ii openssh-client 1:9.9p1-3 pn openssh-sftp-server <none> ii procps 2:4.0.4-6 pn runit-helper <none> ii sysvinit-utils [lsb-base] 3.13-1 ii ucf 3.0048 ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1 Versions of packages openssh-server recommends: ii libpam-systemd [logind] 257.2-3 pn ncurses-term <none> ii xauth 1:1.1.2-1.1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none>
