Description of problem: sshd-keygen by default generates three host keys, a DSA key, plus 2048 bit SSH1 and SSH2 RSA keys. SSH DSA host keys have a mandatory key size of 1024 bits, which is rumored to be breakable for an adversary having sufficient ressources and hence should not be considered as secure anymore. SSH1 has design flaws that make it insecure. It has thus long been disabled for sshd by default. DSA and SSH1 host keys should hence not be generated anymore, to prevent their use. Please ship /etc/sysconfig/sshd with AUTOCREATE_SERVER_KEYS=RSAONLY in the default configuration. As a beneficial side effect, the key generation will becomes faster, since only one key needs to be generated. The Bullrun Briefing Sheet, published in the context of the Snowden affair, shows that the NSA considers ssh traffic as exploitable, so let's not hesistante to close the most obvious candidates for attack vectors. Those who, for whatever reason, need a DSA host key can generate it by hand. Version-Release number of selected component (if applicable): openssh-server-6.2p2-5.fc19.i686 How reproducible: always Steps to Reproduce: 1. install openssh-server 2. check /etc/ssh/*.pub Actual results: DSA 1024 bit keys and SSH1 RSA keys were generated in addition to a SSH2 RSA key. Expected results: Only a SSH2 RSA host key with 2048 bits is generated.
Created attachment 800546 [details] generate only RSA keys by default
openssh-6.2p2-8.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/openssh-6.2p2-8.fc20
openssh-6.2p2-8.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.