[Systems] bender ssh key changed

Bernie Innocenti bernie at codewiz.org
Sun Sep 5 20:40:57 EDT 2010


El Sun, 05-09-2010 a las 23:46 +0200, Sascha Silbe escribió:

> The SSHFP format is gibberish to me (it looks rather short, BTW), so I
> can't just copy it to known_hosts. And as long as we don't have DNSSEC
> working (including matching software on my side), I can't just tell
> SSH to trust DNS.

A good pick for a resolver with good DNSSEC support would be unbound.
Fedora has been using it for a while to replace for dnsmasq.


> > Here are a few useful ones:
> Thanks for benders key! I suppose none of the others has changed recently?

Yes, only bender changed.


> I would have to look it up (there's been a recent thread about it on
> cryptography at metzdowd.com), but TBH I never noticed any difference in
> connect latency between 2kb and 4kb RSA so I wouldn't even think about
> choosing 2kb myself on most hosts. I usually keep whatever the system
> has generated for me, though - yes, I'm lazy. :-P

Odd, the defaults on all my systems are still 2048bit for RSA and
1024bit for DSA. Perhaps it's a Debian specific configuration?

-- 
   // Bernie Innocenti - http://codewiz.org/
 \X/  Sugar Labs       - http://sugarlabs.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.sugarlabs.org/private/systems/attachments/20100906/22087088/attachment.pgp 


More information about the Systems mailing list