OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519
From http://it.slashdot.org/story/15/02/0...ing-to-ed25519
Quote:
OpenSSH developer Damien Miller has posted about a new feature he implemented and committed for the next upcoming 6.8 release of OpenSSH — hostkeys@openssh.com — an OpenSSH extension to the SSH protocol for sshd to automatically send all of its public keys to the client, and for the client to automatically replace all keys of such server within ~/.ssh/known_hosts with the fresh copies as supplied (provided the server is trusted in the first place, of course). The protocol extension is simple enough, and is aimed to make it easier to switch over from DSA to the OpenSSL-free Ed25519 public keys. It is also designed in such a way as to support the concept of spare host keys being stored offline, which could then seamlessly replace main active keys should they ever become compromised.
|
The link to the blog : http://blog.djm.net.au/2015/02/key-r...penssh-68.html
Info about Ed25519 : http://en.wikipedia.org/wiki/EdDSA and http://ed25519.cr.yp.to
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 1st February 2015 at 06:29 PM.
|