From 8de677bd93f98257be8d2f65a0607e2340b320cb Mon Sep 17 00:00:00 2001
From: Hugo Villeneuve
Date: Sat, 28 Feb 2015 18:22:43 -0500
Subject: [PATCH] Improve ssh keys security
---
 stage3/bootscripts/sshd | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/stage3/bootscripts/sshd b/stage3/bootscripts/sshd
index 1d3ab9f..66d635c 100755
--- a/stage3/bootscripts/sshd
+++ b/stage3/bootscripts/sshd
@@ -13,23 +13,21 @@ DAEMON="/usr/sbin/sshd"
 DAEMON_DESC="SSH server"
 DAEMON_OPTS="-4"
+KEYLEN_BITS=4096
+
 # Check if SSH server is desired
 if [ "x${SSH_SERVER_ENA}" != "xyes" -a "x${SSH_SERVER_ENA}" != "xYes" -a "x${SSH_SERVER_ENA}" != "xYES" ]; then
 exit ${EXIT_CODE_SUCCESS}
 fi
 gen_keys() {
- if [ ! -e /etc/ssh/ssh_host_key ] ; then
- echo "Generating Hostkey..."
- /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
- fi
- if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then
- echo "Generating DSA-Hostkey..."
- /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
- fi
 if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
- echo "Generating RSA-Hostkey..."
- /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ echo "Generating RSA hostkey..."
+ /usr/bin/ssh-keygen -t rsa -b ${KEYLEN_BITS} -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+ if [ ! -e /etc/ssh/ssh_host_ed25519_key ] ; then
+ echo "Generating Ed25519 hostkey..."
+ /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
 fi
 }
--
2.20.1
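Review bot: Hosts that already booted the old script keep their 1024-bit RSA1 key and their DSA key, because `gen_keys()` only stops creating `/etc/ssh/ssh_host_key` and `/etc/ssh/ssh_host_dsa_key` and never removes them; likewise an existing `/etc/ssh/ssh_host_rsa_key` of the old default size passes the `[ ! -e ... ]` test and is not regenerated at `KEYLEN_BITS`. Whether sshd still loads the legacy keys depends on the `sshd_config` shipped with the image, which is not visible in this hunk; pinning it to `HostKey /etc/ssh/ssh_host_rsa_key` and `HostKey /etc/ssh/ssh_host_ed25519_key` would make the intent explicit. For upgraded systems, consider `rm -f /etc/ssh/ssh_host_key* /etc/ssh/ssh_host_dsa_key*` at the top of `gen_keys()`. Separately, the exit status of `ssh-keygen` is not checked and `-e` accepts an empty file, so an interrupted first boot can leave a key file sshd cannot load; `[ ! -s /etc/ssh/ssh_host_rsa_key ]` (and the same for the Ed25519 file) would be more robust.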