Generate ED25519 host keys on fresh installations.

Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
author: Colin Watson <cjwatson@debian.org> 2014-02-10 03:41:41 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-10 03:41:44 +0000
commit: b278395b509ad8458df1ddabf4f8008a24c4998f (patch)
tree: a37c79b52fe20bba1b515df505d9ed9f70460655 /debian
parent: 59107897c30ec1df0925da0ce6755e9d3e98fa3d (diff)
3 files changed, 9 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index c40caf284..b195b6708 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,10 @@ openssh (1:6.5p1-1) UNRELEASED; urgency=medium
    login (closes: #734816).
  * Incorporate default path changes from shadow 1:4.0.18.1-8, removing
    /usr/bin/X11 (closes: #644521).
+  * Generate ED25519 host keys on fresh installations.  Upgraders who wish
+    to add such host keys should manually add 'HostKey
+    /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
+    'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
 -- Colin Watson <cjwatson@debian.org>  Sun, 09 Feb 2014 15:52:14 +0000
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 54dbe13a2..91c757db5 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -84,6 +84,7 @@ host_keys_required() {
                        echo /etc/ssh/ssh_host_rsa_key
                        echo /etc/ssh/ssh_host_dsa_key
                        echo /etc/ssh/ssh_host_ecdsa_key
+                        echo /etc/ssh/ssh_host_ed25519_key
                fi
        fi
 }
@@ -121,6 +122,8 @@ create_keys() {
                "$hostkeys" /etc/ssh/ssh_host_dsa_key -t dsa
        create_key "Creating SSH2 ECDSA key; this may take some time ..." \
                "$hostkeys" /etc/ssh/ssh_host_ecdsa_key -t ecdsa
+        create_key "Creating SSH2 ED25519 key; this may take some time ..." \
+                "$hostkeys" /etc/ssh/ssh_host_ed25519_key -t ed25519
 }
@@ -176,6 +179,7 @@ Protocol 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
diff --git a/debian/openssh-server.postrm b/debian/openssh-server.postrm
index 33191522b..88e28a91e 100644
--- a/debian/openssh-server.postrm
+++ b/debian/openssh-server.postrm
@@ -13,6 +13,7 @@ case $1 in
                rm -f /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
                rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
                rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub
+                rm -f /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub
                rm -f /etc/ssh/sshd_config
                rm -f /etc/ssh/sshd_not_to_be_run
                rmdir --ignore-fail-on-non-empty /etc/ssh
author	Colin Watson <cjwatson@debian.org>	2014-02-10 03:41:41 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-10 03:41:44 +0000
commit	b278395b509ad8458df1ddabf4f8008a24c4998f (patch)
tree	a37c79b52fe20bba1b515df505d9ed9f70460655 /debian
parent	59107897c30ec1df0925da0ce6755e9d3e98fa3d (diff)