Improve ssh keys security
authorHugo Villeneuve <hugo@hugovil.com>
Sat, 28 Feb 2015 23:22:43 +0000 (18:22 -0500)
committerHugo Villeneuve <hugo@hugovil.com>
Sun, 1 Mar 2015 01:39:44 +0000 (20:39 -0500)
stage3/bootscripts/sshd

index 1d3ab9f..66d635c 100755 (executable)
@@ -13,23 +13,21 @@ DAEMON="/usr/sbin/sshd"
 DAEMON_DESC="SSH server"
 DAEMON_OPTS="-4"
 
+KEYLEN_BITS=4096
+
 # Check if SSH server is desired
 if [ "x${SSH_SERVER_ENA}" != "xyes" -a "x${SSH_SERVER_ENA}" != "xYes" -a "x${SSH_SERVER_ENA}" != "xYES" ]; then
     exit ${EXIT_CODE_SUCCESS}
 fi
 
 gen_keys() {
-    if [ ! -e /etc/ssh/ssh_host_key ] ; then
-       echo "Generating Hostkey..."
-       /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
-    fi
-    if [ ! -e /etc/ssh/ssh_host_dsa_key ] ; then
-       echo "Generating DSA-Hostkey..."
-       /usr/bin/ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ''
-    fi
     if [ ! -e /etc/ssh/ssh_host_rsa_key ] ; then
-       echo "Generating RSA-Hostkey..."
-       /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+       echo "Generating RSA hostkey..."
+       /usr/bin/ssh-keygen -t rsa -b ${KEYLEN_BITS} -f /etc/ssh/ssh_host_rsa_key -N ''
+    fi
+    if [ ! -e /etc/ssh/ssh_host_ed25519_key ] ; then
+       echo "Generating Ed25519 hostkey..."
+        /usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''
     fi
 }
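Review bot: In gen_keys the `[ ! -e ... ]` guards mean the stronger parameters only apply to hosts that have no keys yet: an existing /etc/ssh/ssh_host_rsa_key created at the old default size is kept, and any ssh_host_key (rsa1) and ssh_host_dsa_key files generated earlier stay on disk. Whether sshd still loads those legacy keys depends on the HostKey lines in sshd_config, which this hunk does not show, so that file should be checked alongside this change. If keeping existing keys is deliberate (regenerating would change the fingerprint clients have pinned), say so above the function, e.g. `# Existing host keys are never regenerated; legacy rsa1/DSA key files must be removed by hand`. Separately, the exit status of both ssh-keygen calls is ignored, so an ssh-keygen without Ed25519 support would fail without stopping the script; appending `|| return 1` to each call and quoting `"${KEYLEN_BITS}"` would make that failure visible.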