Bug 1212020 - openssh: Stop creating DSA host keys
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Version: Current
Hardware: Other Other
Priority: P5 - None, Severity: Minor
Target Milestone: ---
Assignee: Hans Petter Jansson
QA Contact: E-mail List
Reported: 2023-06-05 11:55 UTC by Jörg Sonnenberger
Modified: 2023-06-06 07:25 UTC
Description Jörg Sonnenberger 2023-06-05 11:55:41 UTC
sshd has supported a number of public key algorithms to identify the host. DSA is one of the oldest and, due to the key size, is nowadays considered plainly insecure, to the point that DSA user keys are disabled by default. There should be no need to create them by default, as any client of the ssh2 protocol should support at least RSA with reasonable defaults.

Note: I'm not asking about removing existing keys, just that they are no longer created.