[Ach] SSH HostKey ECDSA / Ciphers

ianG iang at iang.org
Tue Jan 7 10:03:21 CET 2014

On 7/01/14 09:29 AM, Torge Riedel wrote:
> Hi @all,
> I used the draft paper to harden my private server (ssh, mail, web). And
> it was good help. I was faced with two things:
> 1.
> In my /etc/ssh/sshd_config (Ubuntu 12.04 LTS) I have three entries:
> HostKey /etc/ssh/ssh_host_dsa_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_ecdsa_key
> As told in the document I commented the first entry to disable DSA.

Good stuff!

> Checking with ssh -vvv I saw that it seems to use ECDSA on connection.
> As there is no reference to ECDSA in the paper:
> Q: Is it more or less secure than RSA? And should I disable one of
> these (RSA / ECDSA)?

DSA in all its forms is more or less deprecated, unfavoured.  The reason 
is that RSA pretty much dominates in security terms (although DSA is 
actually quicker in some things).  This comes down to some factors from 

1.  DSA is standards wise and practical wise limited to 1024 bits. 
Which is fine, for most work especially ephemeral work, but the world 
thinks 1024 is kind of dodgy.  There are 1536 bit variants but their 
support has been flaky.

2.  DSA uses random numbers for every sig.  And if it gets bad random 
numbers, the results can be catastrophic.  RSA however is deterministic 
(you get the same sig every time).  So this removes an entire 
vulnerability, one that is quite vexatious.

3.  Historically, DSA was a "government replacement for signature work" 
when RSA was under severe patent & export controls.  That no longer 
really pertains.

So yes, if you can, disable DSA, and stick with RSA (is the brutal 

> 2.
> At the first time it was not really clear for me that my OpenSSH version
> does not support the ... at openssh.org / ... at libssh.org Ciphers / MACs /
> KexAlgorithms. Afterwards no connection was possible.
> Luckily I still had a connection open, so I was able to fix that. I
> think there should be at least a good placed / formatted hint in the
> document, that this should be checked / tested well.

Ah yes.  Always open your SSH connection and leave it running ... while 
you test the params :)  Good tip to put in the doc for those who like 
flying blind.
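
A pre-flight check for the failure in point 2, added here as an example and not part of the original thread: it lists every Ciphers / MACs / KexAlgorithms entry in a config file that is missing from the set of algorithms the local OpenSSH reports. The function names, the "<keyword> <algorithm>" list format and the sample data in demo() are constructed for this example.

```shell
# Added example: list Ciphers/MACs/KexAlgorithms entries in an sshd_config
# that are missing from a list of algorithms the local OpenSSH supports.
# SUPPORTED file format "<keyword> <algorithm>" is an assumption of this example.
list_unsupported() {            # usage: list_unsupported CONFIG SUPPORTED
    # Fail closed: with an empty list awk would read CONFIG as the list.
    [ -s "$2" ] || { echo "supported list is empty" >&2; return 2; }
    awk '
        NR == FNR { known[tolower($1) " " $2] = 1; next }
        { sub(/#.*/, "") }                    # drop comments
        tolower($1) ~ /^(ciphers|macs|kexalgorithms)$/ {
            kw = tolower($1); $1 = ""
            gsub(/[ \t]/, "")                 # keep only the comma list
            n = split($0, algs, ",")
            for (i = 1; i <= n; i++) {
                key = kw " " algs[i]
                if (algs[i] != "" && !(key in known)) print kw ": " algs[i]
            }
        }
    ' "$2" "$1"
}

# Build SUPPORTED from the local binary; ssh -Q needs OpenSSH 6.3 or newer.
build_supported() {
    ssh -Q cipher | sed 's/^/ciphers /'
    ssh -Q mac    | sed 's/^/macs /'
    ssh -Q kex    | sed 's/^/kexalgorithms /'
}

demo() {                        # runs on constructed sample data only
    dir=$(mktemp -d) || return 1
    cat > "$dir/supported" <<'EOF'
ciphers aes256-ctr
macs hmac-sha2-512
kexalgorithms diffie-hellman-group-exchange-sha256
EOF
    cat > "$dir/sshd_config" <<'EOF'
HostKey /etc/ssh/ssh_host_rsa_key
#Ciphers arcfour
Ciphers aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
EOF
    list_unsupported "$dir/sshd_config" "$dir/supported"; rc=$?
    rm -rf "$dir"
    return $rc
}
```

On a live host, run it against a candidate file and then validate that same file with `sshd -t -f FILE` before reloading, with the existing session still open.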

