* [Bug Infrastructure/31718] New: drop rsa1024 sshd host key
From: fche at redhat dot com @ 2024-05-09 16:42 UTC (permalink / raw)
To: overseers
https://sourceware.org/bugzilla/show_bug.cgi?id=31718
Bug ID: 31718
Summary: drop rsa1024 sshd host key
Product: sourceware
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: Infrastructure
Assignee: overseers at sourceware dot org
Reporter: fche at redhat dot com
Target Milestone: ---
/etc/ssh/ssh_host_rsa_key.pub is an RSA1024 key. Some sizephobic ssh clients
are starting to complain about it. We could drop that one and have sourceware
list just its other/larger host keys, though an earlier experiment with that
also indicated some disruption. (The DNS SSHFP records would need to follow up
too.)
--
You are receiving this mail because:
You are the assignee for the bug.
* [Bug Infrastructure/31718] drop rsa1024 sshd host key
From: carlos at redhat dot com @ 2024-10-29 12:18 UTC (permalink / raw)
To: overseers
https://sourceware.org/bugzilla/show_bug.cgi?id=31718
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |carlos at redhat dot com
--- Comment #1 from Carlos O'Donell <carlos at redhat dot com> ---
We should resolve this issue sooner rather than later.
This is an industry-wide shift to phase out 1024-bit keys in favour of 2048-bit
or larger keys.
Example:
NIST SP 800-78-5
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-78-5.pdf
"PIV Authentication Key" "RSA (2048 or 3072 bits)"
Example:
BSI TR-02102-1
https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr02102/tr02102_node.html
"Recommended key lengths..." "RSA" "3000"
I hit this again today on a default Fedora 40 install testing things for new
contributors.
This is a problem for contributors with modern distributions adopting industry
best practice. We should really drop the RSA1024 key as soon as possible.
Do we have a 4096-bit RSA key?
* [Bug Infrastructure/31718] drop rsa1024 sshd host key
From: carlos at redhat dot com @ 2024-10-29 12:22 UTC (permalink / raw)
To: overseers
https://sourceware.org/bugzilla/show_bug.cgi?id=31718
Carlos O'Donell <carlos at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |SSML
* [Bug Infrastructure/31718] drop rsa1024 sshd host key
From: fche at redhat dot com @ 2024-10-29 15:15 UTC (permalink / raw)
To: overseers
https://sourceware.org/bugzilla/show_bug.cgi?id=31718
--- Comment #2 from Frank Ch. Eigler <fche at redhat dot com> ---
Our sshd instance exports an rsa1024, ecdsa, ed25519, and an rsa4096 key, each
of them also published in DNS via DNSSEC-secured SSHFP records.
Last time we tried removing the rsa1024 key from sshd circulation, some old
clients were given a warning. That might be better now. Some glibc-based
client systems need "options trust-ad" in their /etc/resolv.conf so that ssh
fully trusts the full set of keys in DNS/DNSSEC, and "VerifyHostKeysDNS yes" in
their .ssh/config.
We could announce the intent to deprecate the rsa1024 one in the next quarterly
update message, then do it 3 months after that.
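The thread above turns on two checks an operator or contributor would want to run before and after a host key is retired: which of the keys a server advertises are RSA moduli shorter than the 2048-bit floor the cited standards set, and what the matching SSHFP records look like so DNS can be updated in step. The script below is an added example written for this page, not sourceware's own tooling or anything attached to the bug. It parses lines in the format `ssh-keyscan` and `known_hosts` use, reads the RSA modulus out of the SSH wire-format key blob to get its true bit length, and builds the SSHFP RDATA the way RFC 4255/RFC 6594 define it (algorithm number, fingerprint type 2 = SHA-256, hex digest over the decoded public key blob), which is what `ssh-keygen -r` emits. The host name `git.example.org` and the sample keys are constructed for the demonstration (the RSA moduli are just numbers of the right length, not real keys); run it against real `ssh-keyscan -t rsa,ecdsa,ed25519 <host>` output in practice.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479) and the SHA-256 fingerprint type.
SSHFP_ALG = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_SHA256 = 2


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(n: int) -> bytes:
    """Encode an SSH mpint: minimal big-endian, with a leading 0x00 when the top bit is set."""
    if n == 0:
        return ssh_string(b"")
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def read_string(blob: bytes, off: int):
    """Decode one wire-format string at offset off; return (bytes, new offset)."""
    (length,) = struct.unpack_from(">I", blob, off)
    off += 4
    return blob[off:off + length], off + length


def parse_pubkey(line: str):
    """Parse a known_hosts / ssh-keyscan line into (host, key type, key size in bits).

    For RSA the size is the bit length of the modulus read from the blob, so a
    mislabelled or short key cannot hide behind the text field."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    wire_type, off = read_string(blob, 0)
    if wire_type.decode() != keytype:
        raise ValueError("key type inside the blob does not match the text field")
    if keytype == "ssh-rsa":
        _exponent, off = read_string(blob, off)   # public exponent e, not needed here
        modulus, _ = read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    elif keytype.startswith("ecdsa-sha2-nistp"):
        bits = int(keytype[len("ecdsa-sha2-nistp"):])
    elif keytype == "ssh-ed25519":
        bits = 256
    else:
        raise ValueError(f"unsupported key type {keytype}")
    return host, keytype, bits


def weak_host_keys(lines, min_rsa_bits=2048):
    """Return the lines whose RSA modulus is shorter than min_rsa_bits (the NIST/BSI floor)."""
    weak = []
    for line in lines:
        _host, keytype, bits = parse_pubkey(line)
        if keytype == "ssh-rsa" and bits < min_rsa_bits:
            weak.append(line)
    return weak


def sshfp_record(line: str) -> str:
    """Build the SSHFP RR (SHA-256 over the decoded key blob) that ssh-keygen -r would print."""
    host, keytype, b64 = line.split()[:3]
    digest = hashlib.sha256(base64.b64decode(b64)).hexdigest()
    return f"{host} IN SSHFP {SSHFP_ALG[keytype]} {SSHFP_SHA256} {digest}"


# --- constructed sample input (not real keys, not real DNS data) ---------------
SAMPLE_HOST = "git.example.org"   # assumed host name for the demonstration


def constructed_rsa_line(host: str, modulus_bits: int) -> str:
    """A keyscan-style line whose modulus is merely a number of the requested length."""
    n = (1 << (modulus_bits - 1)) | 1          # top bit set, so bit_length() == modulus_bits
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def constructed_ed25519_line(host: str) -> str:
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


SAMPLE_LINES = [
    constructed_rsa_line(SAMPLE_HOST, 1024),   # the key the bug wants dropped
    constructed_rsa_line(SAMPLE_HOST, 4096),
    constructed_ed25519_line(SAMPLE_HOST),
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        host, keytype, bits = parse_pubkey(line)
        flag = "WEAK" if line in weak_host_keys(SAMPLE_LINES) else "ok"
        print(f"{keytype:<12} {bits:>5} bits  {flag}")
        print("  ", sshfp_record(line))
```

When the RSA-1024 key is removed from `sshd_config`, the SSHFP record whose algorithm field is 1 and whose digest matches that key must be removed from the zone as well, otherwise clients that set `VerifyHostKeyDNS yes` (the spelling ssh_config(5) documents) will see a DNS fingerprint set that no longer matches what the server offers. The records for the remaining keys are unchanged, so generating them before and after the change and diffing the output is a cheap regression check.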