Date:      Thu, 4 Aug 2016 17:11:11 +1000
From:      Kubilay Kocak <koobs@FreeBSD.org>
To:        Benedict Reuschling <bcr@FreeBSD.org>, doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   Re: svn commit: r49211 - head/en_US.ISO8859-1/articles/committers-guide
Message-ID:  <b23ee189-0a75-8c38-14d9-e2da50133080@FreeBSD.org>
In-Reply-To: <201608031543.u73FhA70048459@repo.freebsd.org>
References:  <201608031543.u73FhA70048459@repo.freebsd.org>

On 4/08/2016 1:43 AM, Benedict Reuschling wrote:
> Author: bcr
> Date: Wed Aug  3 15:43:10 2016
> New Revision: 49211
> URL: https://svnweb.freebsd.org/changeset/doc/49211
> 
> Log:
>   Remove mention of specific key types to discourage the generation
>   of old and potentially insecure keys.
>   
>   Discussed with:	    David Wolfskill
> 
> Modified:
>   head/en_US.ISO8859-1/articles/committers-guide/article.xml
> 
> Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml
> ==============================================================================
> --- head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 13:59:21 2016	(r49210)
> +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 15:43:10 2016	(r49211)
> @@ -3105,7 +3105,7 @@ Relnotes:           yes</programlisting>
>      <procedure>
>        <step>
>  	<para>If you do not wish to type your password in every time
> -	  you use &man.ssh.1;, and you use RSA or DSA keys to
> +	  you use &man.ssh.1;, and you use keys to
>  	  authenticate, &man.ssh-agent.1; is there for your
>  	  convenience.  If you want to use &man.ssh-agent.1;, make
>  	  sure that you run it before running other applications.  X
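
Review bot: On the changed line, "and you use keys to authenticate" reads vaguely once "RSA or DSA" is gone; "and you use SSH keys to authenticate" or "and you use key-based authentication" would keep the condition clear. The log message gives the aim as discouraging old and potentially insecure keys, but after this change the paragraph offers no guidance on key type at all, so a short pointer to a recommended key type would carry that intent through to the reader. The shortened line could also be refilled with the lines that follow it.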

Without making a bikeshed out of it, could we provide some basic
recommendations here? Examples (note: *just* examples)

rsa with new key format, preferred bits, explicit passphrase

-o -t rsa -b <whateverwewant> -N <passphrase>

ed25519 with new key format, explicit passphrase

-t ed25519 -o -N <passphrase> (new format)

These might help ensure people don't accidentally (or through lack of
knowledge) create keys without passphrases, and provide a bump up on the
(openssh) defaults.

I'd be happy to write something short and sweet up in the wiki for
review first if needed, as well as get input from secteam and other
people as well.
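
A check for the outcome this message is after (keys in the new format, with a passphrase), as an added example that is not part of the original message or of the FreeBSD documentation: it reads the unencrypted header of a private key file and reports the format and whether a passphrase protects it. The function names and the sample keys are constructed for illustration; the samples carry header fields only, no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic of the new OpenSSH private key format

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def classify_private_key(text):
    """Return (format, passphrase_protected, bcrypt_rounds or None)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM announces encryption in a Proc-Type header;
        # PKCS#8 announces it in the BEGIN label itself.
        enc = "Proc-Type: 4,ENCRYPTED" in lines or "ENCRYPTED" in lines[0]
        return ("legacy-pem", enc, None)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    rounds = None
    if kdf == b"bcrypt":
        _salt, o = _read_string(kdfopts, 0)  # kdfoptions = string salt, uint32 rounds
        (rounds,) = struct.unpack_from(">I", kdfopts, o)
    return ("openssh-new", cipher != b"none" and kdf != b"none", rounds)

def _sample(cipher, kdf, kdfopts):
    """Constructed sample: header fields only, no real key material follows."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(kdf) + s(kdfopts)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed inputs: all-zero 16-byte salt and a rounds value of 16, for illustration.
UNPROTECTED = _sample(b"none", b"none", b"")
PROTECTED = _sample(b"aes256-ctr", b"bcrypt",
                    struct.pack(">I", 16) + bytes(16) + struct.pack(">I", 16))
LEGACY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, key in [("unprotected", UNPROTECTED), ("protected", PROTECTED), ("legacy", LEGACY)]:
        print(name, classify_private_key(key))
```

Only the header is read, so the check needs no passphrase and can run over the contents of existing private key files.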


