Re: Deprecating RSA ssh host keys in 16

Reply: Shawn Webb : "Re: Deprecating RSA ssh host keys in 16"
Reply: Colin Percival : "Re: Deprecating RSA ssh host keys in 16"
In reply to: Colin Percival : "Deprecating RSA ssh host keys in 16"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Tue, 24 Sep 2024 19:16:04 UTC

On Tue, Sep 24, 2024 at 06:41:00PM UTC, Colin Percival wrote:
> Hi all,
> 
> Last week I turned off RSA host key generation for SSH in EC2 instances,
> because (a) modern SSH clients support ecdsa and ed25519 keys, and (b)
> generating RSA host keys was taking over 10% of the boot time when EC2
> instances booted for the first time.
> 
> I don't think we should turn off RSA host key generation in general in
> 15.x since for non-VM/cloud images the first boot time is less relevant
> (if you're installing from an ISO image, the installer will take far
> longer than the host key generation) but I think it would make sense to
> deprecate RSA host keys in 15 and then turn them off by default in 16.
> 
> I'm not sure if there's any good way to announce the deprecation beyond
> putting it into the release notes; we could print a warning in 15 when
> RSA host keys are generated, but that will always fire regardless of
> whether they're being *used* and I don't think there's any practical way
> to warn specifically when RSA host keys are *used*.  So unless I'm
> missing something, the deprecation would just take the form of a few lines
> in the release notes.
> 
> Thoughts?

With commit e3f33c64ec168a48038309af0c237eda86d10c74[1], introduced on
14 Nov 2024, HardenedBSD has disabled the generation of RSA host keys
by default.

We haven't seen any reports of any breakage. While the change might be
considered a POLA violation, it seems pretty harmless on today's
15-CURRENT systems.

We have a number of 15-CURRENT users, though we don't have any hard
data, and likely pales in comparison to the FreeBSD side--enough so
that the sample is too small to be a significant or reliable data
point.

I have this commit taged as MFC-able, though I haven't MFC'd just yet.
It completely spaced my mind and I'll likely MFC shortly after sending
this email.

[1]: https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/e3f33c64ec168a48038309af0c237eda86d10c74

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc