[KARAF-3621] Generate a more secure host key for SSH by default - ASF JIRA

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.3
Fix Version/s: 3.0.4, 4.0.0.M3
Component/s: karaf
Labels:
- security

Description

By default, the Karaf SSH server generates a new 1024-bit DSA host key.

As we've learned from the crypto specialists in the past few years, this is no longer seen as being a reasonably secure key pair generation algorithm.

At the time of this writing, a reasonably secure key pair would be generated using RSA with a size of 4096 bits.

References:

http://security.stackexchange.com/questions/5096/rsa-vs-dsa-for-ssh-authentication-keys
http://meyering.net/nuke-your-DSA-keys/
https://stribika.github.io/2015/01/04/secure-secure-shell.html

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

karaf-3.0.x-Default-to-a-more-secure-SSH-host-key-configuration.patch
20/Mar/15 15:21
12 kB
Ancoron Luciferis

Activity

People

Assignee:

Freeman Fang

Reporter:

Ancoron Luciferis

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

19/Mar/15 12:56

Updated:

15/Sep/18 16:35

Resolved:

15/May/15 07:32