[Systems] bender ssh key changed
bernie at codewiz.org
Sun Sep 5 20:40:57 EDT 2010
El Sun, 05-09-2010 a las 23:46 +0200, Sascha Silbe escribió:
> The SSHFP format is gibberish to me (it looks rather short, BTW), so I
> can't just copy it to known_hosts. And as long as we don't have DNSSEC
> working (including matching software on my side), I can't just tell
> SSH to trust DNS.
A good pick for a resolver with good DNSSEC support would be unbound.
Fedora has been using it for a while to replace for dnsmasq.
> > Here are a few useful ones:
> Thanks for benders key! I suppose none of the others has changed recently?
Yes, only bender changed.
> I would have to look it up (there's been a recent thread about it on
> cryptography at metzdowd.com), but TBH I never noticed any difference in
> connect latency between 2kb and 4kb RSA so I wouldn't even think about
> choosing 2kb myself on most hosts. I usually keep whatever the system
> has generated for me, though - yes, I'm lazy. :-P
Odd, the defaults on all my systems are still 2048bit for RSA and
1024bit for DSA. Perhaps it's a Debian specific configuration?
// Bernie Innocenti - http://codewiz.org/
\X/ Sugar Labs - http://sugarlabs.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.sugarlabs.org/private/systems/attachments/20100906/22087088/attachment.pgp
More information about the Systems