Project

General

Profile

Enhancement #453

[SSH] remove DSA keys, SSHFP: add SHA-256 fingerprint

Added by Pierre-Louis Bonicoli about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
Service :: DNS
Start date:
2015-07-02
Due date:
% Done:

100%

Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:
No

Description

SHA-256 fingerprints should be added to SSHFP entries.

for key in /etc/ssh/ssh_host_*_key.pub; do \
  ssh-keygen -r `hostname` -f $key; \
done

History

#1 Updated by Pierre-Louis Bonicoli about 4 years ago

  • Tracker changed from Bug to Enhancement
  • Subject changed from SSHFP: add SHA-256 fingerprint to [SSH] remove DSA keys, SSHFP: add SHA-256 fingerprint
  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • Help Needed set to No
  1. Actions
    • DSA key removed from filesystem and /etc/ssh/sshd_config
    • SSH restarted
      on:
    • orfeo
    • toushirou (SSHFP records updated for toushirou-hivane, toushirou-sivit and www-hosting)
    • thorfinn
    • jinta
    • korutopi
  2. Actions on orfeo.duckcorp.org
    1. SSHFP records updated:
      • toushirou
      • toushirou-hivane
      • toushirou-sivit
      • www-hosting
      • thorfinn
      • jinta
      • korutopi
    2. rndc reload duckcorp.org
    3. ods-signer sign duckcorp.org

Also available in: Atom PDF