juju generates/uses insecure ssh keys
Bug #1974132 reported by Loïc Gomez
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Canonical Juju | Fix Released | High | Jack Shaw |
Bug Description
Juju generates insecure RSA 2048 client SSH keys in .local/share/juju/ssh/juju_id_rsa.
We need juju to use RSA keys of at least 4096 bits length or even better, use ed25519 keys.
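One way to audit keys against the requirement stated in this report, as an added example that is not part of the bug report or of Juju's code: a Go function that parses an OpenSSH public key line and flags RSA moduli under 4096 bits. All function names are hypothetical, and the `sampleRSA` and `sampleEd25519` inputs are constructed for the demonstration and are not usable keys.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
	"strings"
)

// fields splits an SSH public key blob into its uint32-length-prefixed fields.
func fields(blob []byte) (out [][]byte) {
	for len(blob) > 0 {
		if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
			return nil // truncated blob or trailing garbage
		}
		n := binary.BigEndian.Uint32(blob)
		out, blob = append(out, blob[4:4+n]), blob[4+n:]
	}
	return out
}

// AuditPublicKey reports key type, size in bits, and policy result (RSA >= 4096 or ed25519).
func AuditPublicKey(line string) (kind string, bits int, ok bool) {
	parts := append(strings.Fields(line), "", "") // pad so parts[1] always exists
	blob, err := base64.StdEncoding.DecodeString(parts[1])
	switch f := fields(blob); {
	case err != nil: // bad base64: reported as invalid below
	case len(f) == 2 && string(f[0]) == "ssh-ed25519" && len(f[1]) == 32:
		return "ssh-ed25519", 256, true
	case len(f) == 3 && string(f[0]) == "ssh-rsa": // f[1] = e, f[2] = modulus n
		bits = new(big.Int).SetBytes(f[2]).BitLen()
		return "ssh-rsa", bits, bits >= 4096
	}
	return "invalid", 0, false
}

// sampleRSA builds a constructed line (e = 65537, n = 2^(bits-1)), not a usable key.
func sampleRSA(bits int) string {
	n := append([]byte{0, 0x80}, make([]byte, bits/8-1)...) // mpint with leading zero
	blob := []byte("\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01")
	blob = append(blob, 0, 0, byte(len(n)>>8), byte(len(n)))
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(append(blob, n...)) + " constructed"
}
// sampleEd25519 is a constructed line carrying an all-zero 32-byte key.
var sampleEd25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40)

func main() {
	fmt.Println(AuditPublicKey(sampleRSA(2048))) // the key size named in the report
}
```

The size is read from the public key blob, so the check needs only the public half of a key pair and never touches private key material.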
description: updated
tags: added: canonical-is
Changed in juju:
assignee: nobody → Jack Shaw (jack-shaw)
Changed in juju:
milestone: 3.1-beta1 → 3.1-rc1
Changed in juju:
status: Triaged → Fix Committed
Changed in juju:
status: Fix Committed → Fix Released
I don't think it is problematic to move, but as far as I can tell NIST
considers 2048 secure through 2030, and only really recommends going to
3072 beyond that point. (At least, that is what I can pull from:
https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final
).
On Thu, May 19, 2022 at 3:16 AM Loïc Gomez <email address hidden>
wrote:
> Public bug reported:
>
> Juju generates insecure RSA 2048 client SSH keys in
> .local/share/juju/ssh/juju_id_rsa.
>
> We need juju to use RSA keys of at least 4096 bits length or even
> better, use ed25519 keys.
>
> ** Affects: juju
> Importance: Undecided
> Status: New
>
>
> ** Tags: canonical-is
>
> ** Description changed:
>
> Juju generates insecure RSA 2048 client SSH keys in
> .local/share/juju/ssh/juju_id_rsa.
>
> We need juju to use RSA keys of at least 4096 bits length or even
> - better, use ed25519 256+ keys.
> + better, use ed25519 keys.
>
> ** Tags added: canonical-is
>
> --
> You received this bug notification because you are subscribed to juju.
> Matching subscriptions: juju bugs
> https://bugs.launchpad.net/bugs/1974132
>
> Title:
> juju generates/uses insecure ssh keys
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/juju/+bug/1974132/+subscriptions
>
>