Future deprecation of ssh-rsa

Peter Stuge peter at stuge.se
Thu Oct 22 00:31:31 AEDT 2020


I've expressed several concerns with enabling UpdateHostKeys by default,
none of which were even commented on, so this topic seems to not be in
any way open for discussion, but I'll still add one more thing here.

Peter Stuge wrote:
> Subject: Re: UpdateHostkeys now enabled by default
> Date: Mon, 5 Oct 2020 11:22:29 +0000
..
> I do not disagree with progressive key management, we clearly need to
> roll keys now and then, and I'm also not against some automation, but
> I don't think that it should be fully automated.
..
> Host keys are quite stable and I think that's a good thing.


Damien Miller wrote:
> No, we haven't set a target date yet. It really depends on how well
> turning on UpdateHostKeys goes, how quickly a release with UpdateHostKeys
> ends up on common OS distributions and a couple of other things.

Beyond strongly disagreeing with clients silently accepting and persisting
unsolicited configuration changes from servers by default, I would like to
see differentiation between a couple of different UpdateHostKeys cases:

* from ssh-rsa to rsa-sha2-* without the host key changing
* from ssh-rsa to either ssh-rsa or rsa-sha2-* with a *new host key*, and
* from ssh-rsa to say ssh-ed25519 with a *new public host key algorithm*

I don't think that these three cases can reasonably be considered
to ever have the same, or even comparable, security properties. Do you?


//Peter


More information about the openssh-unix-dev mailing list