[Ach] SSH HostKey ECDSA / Ciphers
iang at iang.org
Tue Jan 7 10:03:21 CET 2014
On 7/01/14 09:29 AM, Torge Riedel wrote:
> Hi @all,
> I used the draft paper to harden my private server (ssh, mail, web). And
> it was good help. I was faced with two things:
> In my /etc/ssh/sshd_config (Ubuntu 12.04 LTS) I have three entries:
> HostKey /etc/ssh/ssh_host_dsa_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_ecdsa_key
> As told in the document I commented the first entry to disable DSA.
> Checking with ssh -vvv I saw that it seems to use ECDSA on connection.
> As there is no reference to ECDSA in the paper:
> Q: Is it more ore less secure than RSA? And should I disable one of
> these (RSA / ECDSA)?
DSA in all its forms is more or less deprecated, unfavoured. The reason
is that RSA pretty much dominates in security terms (although DSA is
actually quicker in some things). This comes down to some factors from
1. DSA is standards wise and practical wise limited to 1024 bits.
Which is fine, for most work especially ephemeral work, but the world
thinks 1024 is kind of dodgy. There are 1536 bit variants but their
support has been flaky.
2. DSA uses random numbers for every sig. And if it gets bad random
numbers, the results can be catastrophic. RSA however is deterministic
(you get the same sig every time). So this removes an entire
vulnerability, one that is quite vexations.
3. Historically, DSA was a "government replacement for signature work"
when RSA was under severe patent & export controls. That no longer
So yes, if you can, disable DSA, and stick with RSA (is the brutal
> At the first time it was not really clear for me that my OpenSSH version
> does not support the ... at openssh.org / ... at libssh.org Ciphers / MACs /
> KexAlgorithms. Afterwards no connection was possible.
> Luckily I still had a connection open, so I was able to fix that. I
> think there should be at least a good placed / formatted hint in the
> document, that this should be checked / tested well.
Ah yes. Always open your SSH connection and leave it running ... while
you test the params :) Good tip to put in the doc for those who like
More information about the Ach