From: Efraim Flashner
To: bug-guix@gnu.org
Date: Thu, 26 Nov 2020 17:14:03 +0200
Subject: bug#44887: openssh service creates DSA keys

In the interest of protecting users we should probably not create DSA
keys by default. That would leave us with RSA, ECDSA and ED25519.

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From: Ludovic Courtès
To: control@debbugs.gnu.org
Date: Thu, 03 Dec 2020 18:02:09 +0100
Subject: control message for bug #44887

tags 44887 + security
quit

From: Vincent Legoll
To: Efraim Flashner, Ludovic Courtès, 44887@debbugs.gnu.org
Date: Tue, 18 Jun 2024 19:28:35 +0000
Subject: bug#44887: openssh service creates DSA keys

Hello,

I've done some digging on that issue. Hope it'll help.

It looks like the clients still support the DSA keys.

This is on a Void linux desktop:

[vince@destop ~]$ ssh -Q PubkeyAcceptedAlgorithms | grep -i dss
ssh-dss
ssh-dss-cert-v01@openssh.com

The following Guix VM has been created 2 days ago, with a very light config

vince@guix ~$ ssh -Q PubkeyAcceptedAlgorithms | grep -i ssh-dss
ssh-dss
ssh-dss-cert-v01@openssh.com

So, I created a DSA PKI key pair, like so:

ssh-keygen -N '' -t dsa -f ssh-key-dsa

Uploaded the public key to the guix VM, as ~vince/.ssh/authorized_keys
then tried to connect to the OpenSSH server on that VM

[vince@desktop ~]$ ssh -vi ssh-key-dsa vince@10.0.0.101
OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024
debug1: Reading configuration data /home/vince/.ssh/config
debug1: /home/vince/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 10.0.0.101 [10.0.0.101] port 22.
debug1: Connection established.
debug1: identity file ssh-key-dsa type 1
[...]
debug1: Skipping ssh-dss key ssh-key-dsa - corresponding algorithm not
in PubkeyAcceptedAlgorithms
debug1: No more authentication methods to try.
vince@10.0.0.101: Permission denied (publickey).

So it looks like DSA client keys are not accepted any more by default.

Is there a problem for the server host key ?

vince@guix ~$ ls /etc/ssh/
authorized_keys.d/      ssh_host_ed25519_key      ssh_host_rsa_key.pub
ssh_host_ecdsa_key      ssh_host_ed25519_key.pub
ssh_host_ecdsa_key.pub  ssh_host_rsa_key

No DSA keys here. Maybe something has been changed and they are not
created any more.

So I'm not sure there is a problem, or am I mistaken ?
Didn't I look hard enough ?

WDYT ?

Announce of DSA support removal from OpenSSH:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-January/041132.html

Some context about DSA keys:
https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys

-- 
Vincent Legoll
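
The on-disk side of the check described in the message above, as an added example that is not part of the original thread: it reads public key files the way the /etc/ssh listing is laid out and reports any ssh-dss entries, including authorized_keys lines that carry options. The function names, the sample directory and the truncated key blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: look for leftover DSA ("ssh-dss")
# public keys in an sshd directory laid out like the /etc/ssh listing above.
# Function names and all sample data below are constructed for illustration.

# list_key_types FILE...
# Print "file<TAB>line<TAB>key-type" for every public key found in *.pub or
# authorized_keys style files. The key type is the field just before the
# base64 blob, which always starts with "AAAA" (the blob opens with a 4-byte
# length). Quoted option values are dropped first, so text inside
# command="..." cannot be mistaken for the key itself (backslash-escaped
# quotes inside options are not handled).
list_key_types() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            gsub(/"[^"]*"/, "", line)        # drop quoted option values
            n = split(line, f)               # split on runs of blanks
            for (i = 2; i <= n; i++)
                if (f[i] ~ /^AAAA/) {
                    print FILENAME "\t" FNR "\t" f[i - 1]
                    break
                }
        }' "$@"
}

# find_dsa_keys FILE...
# Keep only the records whose key type is ssh-dss or its certificate form,
# the two names printed by `ssh -Q PubkeyAcceptedAlgorithms | grep -i dss`.
find_dsa_keys() {
    list_key_types "$@" |
        awk -F '\t' '$3 ~ /^ssh-dss(-cert-v01@openssh\.com)?$/'
}

# audit_ssh_dir DIR
# Check host public keys and authorized_keys files under DIR.
# Prints every DSA record and returns 1 if any exist, 0 otherwise.
audit_ssh_dir() {
    dir=$1
    set --
    for f in "$dir"/ssh_host_*_key.pub "$dir"/authorized_keys.d/* \
             "$dir"/authorized_keys; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0
    hits=$(find_dsa_keys "$@")
    if [ -z "$hits" ]; then return 0; fi
    printf '%s\n' "$hits"
    return 1
}

# make_sample_dir
# Build a constructed directory: the RSA and Ed25519 host keys seen in the
# listing, plus a leftover DSA host key and one DSA login key for the audit
# to find. The blobs are truncated placeholders, not usable keys.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    mkdir "$d/authorized_keys.d"
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLE root@guix' \
        > "$d/ssh_host_rsa_key.pub"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE root@guix' \
        > "$d/ssh_host_ed25519_key.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBEXAMPLE root@guix' \
        > "$d/ssh_host_dsa_key.pub"
    cat > "$d/authorized_keys.d/vince" <<'EOF'
# constructed entries
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE vince@laptop
command="echo ssh-rsa AAAAdecoy",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBEXAMPLE vince@desktop
EOF
    printf '%s\n' "$d"
}

# Demo on the constructed directory.
sample=$(make_sample_dir)
if audit_ssh_dir "$sample"; then
    echo "no DSA keys found"
else
    echo "DSA key material present (records listed above)"
fi
rm -rf "$sample"
```

Run against a real host with `audit_ssh_dir /etc/ssh`; a per-user `~/.ssh/authorized_keys` can be passed straight to `find_dsa_keys`.
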

From: Efraim Flashner
To: Vincent Legoll
Cc: 44887@debbugs.gnu.org, Ludovic Courtès
Date: Wed, 19 Jun 2024 15:02:04 +0300
Subject: bug#44887: openssh service creates DSA keys

On Tue, Jun 18, 2024 at 07:28:35PM +0000, Vincent Legoll wrote:
> Hello,
>
> I've done some digging on that issue. Hope it'll help.
>
> It looks like the clients still support the DSA keys.
>
> This is on a Void linux desktop:
>
> [vince@destop ~]$ ssh -Q PubkeyAcceptedAlgorithms | grep -i dss
> ssh-dss
> ssh-dss-cert-v01@openssh.com
>
> The following Guix VM has been created 2 days ago, with a very light config
>
> vince@guix ~$ ssh -Q PubkeyAcceptedAlgorithms | grep -i ssh-dss
> ssh-dss
> ssh-dss-cert-v01@openssh.com
>
> So, I created a DSA PKI key pair, like so:
>
> ssh-keygen -N '' -t dsa -f ssh-key-dsa
>
> Uploaded the public key to the guix VM, as ~vince/.ssh/authorized_keys
> then tried to connect to the OpenSSH server on that VM
>
> [vince@desktop ~]$ ssh -vi ssh-key-dsa vince@10.0.0.101
> OpenSSH_9.7p1, OpenSSL 3.3.0 9 Apr 2024
> debug1: Reading configuration data /home/vince/.ssh/config
> debug1: /home/vince/.ssh/config line 1: Applying options for *
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Connecting to 10.0.0.101 [10.0.0.101] port 22.
> debug1: Connection established.
> debug1: identity file ssh-key-dsa type 1
> [...]
> debug1: Skipping ssh-dss key ssh-key-dsa - corresponding algorithm not
> in PubkeyAcceptedAlgorithms
> debug1: No more authentication methods to try.
> vince@10.0.0.101: Permission denied (publickey).
>
> So it looks like DSA client keys are not accepted any more by default.
>
> Is there a problem for the server host key ?
>
> vince@guix ~$ ls /etc/ssh/
> authorized_keys.d/      ssh_host_ed25519_key      ssh_host_rsa_key.pub
> ssh_host_ecdsa_key      ssh_host_ed25519_key.pub
> ssh_host_ecdsa_key.pub  ssh_host_rsa_key
>
> No DSA keys here. Maybe something has been changed and they are not
> created any more.
>
> So I'm not sure there is a problem, or am I mistaken ?
> Didn't I look hard enough ?
>
> WDYT ?
>
> Announce of DSA support removal from OpenSSH:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-January/041132.html
>
> Some context about DSA keys:
> https://security.stackexchange.com/questions/112802/why-openssh-deprecated-dsa-keys

It looks like openssh, at some point in the past ,
stopped creating host DSA keys by default. Given the original bug report
was that DSA keys were created by default and now they're not I think we
can close this bug now.

Any objections?

-- 
Efraim Flashner   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

From: Vincent Legoll
To: Efraim Flashner, Vincent Legoll, Ludovic Courtès, 44887@debbugs.gnu.org
Date: Wed, 19 Jun 2024 17:18:42 +0000
Subject: bug#44887: openssh service creates DSA keys

Hello,

> It looks like openssh, at some point in the past ,
> stopped creating host DSA keys by default. Given the original bug report
> was that DSA keys were created by default and now they're not I think we
> can close this bug now.
>
> Any objections?

This is also my opinion

-- 
Vincent Legoll

From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Efraim Flashner
Date: Wed, 19 Jun 2024 20:12:02 +0000
Subject: bug#44887: closed (Re: bug#44887: openssh service creates DSA keys)

Your bug report

#44887: openssh service creates DSA keys

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 44887@debbugs.gnu.org.

-- 
44887: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=44887
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Maxim Cournoyer
To: Vincent Legoll
Cc: 44887-done@debbugs.gnu.org, Ludovic Courtès, Efraim Flashner
Date: Wed, 19 Jun 2024 16:10:39 -0400
Subject: Re: bug#44887: openssh service creates DSA keys

Hi,

Vincent Legoll writes:

> Hello,
>
>> It looks like openssh, at some point in the past ,
>> stopped creating host DSA keys by default. Given the original bug report
>> was that DSA keys were created by default and now they're not I think we
>> can close this bug now.
>>
>> Any objections?
>
> This is also my opinion

Super, doing so. This is the best kind of resolution ;-).

-- 
Thanks,
Maxim