karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Freeman Fang (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (KARAF-3621) Generate a more secure host key for SSH by default
Date Tue, 12 May 2015 04:49:59 GMT

     [ https://issues.apache.org/jira/browse/KARAF-3621?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Freeman Fang reassigned KARAF-3621:
-----------------------------------

    Assignee: Freeman Fang

> Generate a more secure host key for SSH by default
> --------------------------------------------------
>
>                 Key: KARAF-3621
>                 URL: https://issues.apache.org/jira/browse/KARAF-3621
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-shell
>    Affects Versions: 3.0.3
>            Reporter: Ancoron Luciferis
>            Assignee: Freeman Fang
>              Labels: security
>         Attachments: karaf-3.0.x-Default-to-a-more-secure-SSH-host-key-configuration.patch
>
>
> By default, the Karaf SSH server generates a new 1024-bit DSA host key.
> As we've learned from the crypto specialists in the past few years, this is no longer
seen as being a reasonably secure key pair generation algorithm.
> At the time of this writing, a reasonably secure key pair would be generated using RSA
with a size of 4096 bits.
> References:
> * http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
> * http://meyering.net/nuke-your-DSA-keys/
> * https://stribika.github.io/2015/01/04/secure-secure-shell.html



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message