Date:      Thu, 4 Aug 2016 09:07:17 -0600 (MDT)
From:      Warren Block <wblock@wonkity.com>
To:        Kubilay Kocak <koobs@FreeBSD.org>
Cc:        Benedict Reuschling <bcr@FreeBSD.org>, doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   Re: svn commit: r49211 - head/en_US.ISO8859-1/articles/committers-guide
Message-ID:  <alpine.BSF.2.20.1608040905540.46853@wonkity.com>
In-Reply-To: <b23ee189-0a75-8c38-14d9-e2da50133080@FreeBSD.org>
References:  <201608031543.u73FhA70048459@repo.freebsd.org> <b23ee189-0a75-8c38-14d9-e2da50133080@FreeBSD.org>

On Thu, 4 Aug 2016, Kubilay Kocak wrote:

> On 4/08/2016 1:43 AM, Benedict Reuschling wrote:
>> Author: bcr
>> Date: Wed Aug  3 15:43:10 2016
>> New Revision: 49211
>> URL: https://svnweb.freebsd.org/changeset/doc/49211
>>
>> Log:
>>   Remove mention of specific key types to discourage the generation
>>   of old and potentially insecure keys.
>>
>>   Discussed with:	    David Wolfskill
>>
>> Modified:
>>   head/en_US.ISO8859-1/articles/committers-guide/article.xml
>>
>> Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml
>> ==============================================================================
>> --- head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 13:59:21 2016	(r49210)
>> +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 15:43:10 2016	(r49211)
>> @@ -3105,7 +3105,7 @@ Relnotes:           yes</programlisting>
>>      <procedure>
>>        <step>
>>  	<para>If you do not wish to type your password in every time
>> -	  you use &man.ssh.1;, and you use RSA or DSA keys to
>> +	  you use &man.ssh.1;, and you use keys to
>>  	  authenticate, &man.ssh-agent.1; is there for your
>>  	  convenience.  If you want to use &man.ssh-agent.1;, make
>>  	  sure that you run it before running other applications.  X
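
Review bot: In the changed line, "and you use keys to authenticate" is left vague once "RSA or DSA" is dropped; "keys" with no qualifier does not tell a new committer what kind of key is meant. Consider "and you use SSH keys to authenticate" or "and you use public key authentication". The log message gives the aim as discouraging old and potentially insecure keys, but this step only covers ssh-agent, so a pointer from here to a key-generation recommendation would carry that intent into the text.
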
>
> Without making a bikeshed out of it, could we provide some basic
> recommendations here? Examples (note: *just* examples)
>
> rsa with new key format, preferred bits, explicit passphrase
>
> -o -t rsa -b <whateverwewant> -N <passphrase>
>
> ed25519 with new key format, explicit passphrase
>
> -t ed25519 -o -N <passphrase> (new format)
>
> These might help ensure people don't accidentally (or through lack of
> knowledge) create keys without passphrases, and provide a bump up on the
> (openssh) defaults.
>
> I'd be happy to write something short and sweet up in the wiki for
> review first if needed, as well as get input from secteam and other
> people as well.

Agreed.  Without recommendations, inexperienced users are just going to 
accept the defaults.  Which is fine, if the defaults are good.
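
An added example, not part of this thread or of the FreeBSD documentation: a Python check for the two properties discussed above, whether a private key file uses the new OpenSSH key format and whether it is passphrase-protected. The function names are hypothetical, and the sample blobs are constructed header-only dummies, not usable keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
NEW_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
NEW_END = "-----END OPENSSH PRIVATE KEY-----"

def read_string(buf, off):
    """Read one SSH string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_private_key(text):
    """Report container format, key type and whether the key is encrypted."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] != NEW_BEGIN:
        # Legacy PEM: encryption shows as a Proc-Type header (or PKCS#8 label).
        enc = "ENCRYPTED" in lines[0] or any(
            ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return {"format": "legacy-pem", "keytype": lines[0][11:-5],
                "encrypted": enc}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    kdf, off = read_string(blob, off)
    _, off = read_string(blob, off)        # kdfoptions (salt, rounds)
    pub, _ = read_string(blob, off + 4)    # skip the uint32 key count
    keytype, _ = read_string(pub, 0)
    return {"format": "openssh-key-v1", "keytype": keytype.decode(),
            "encrypted": cipher != b"none", "kdf": kdf.decode()}

def constructed_sample(cipher, kdf, keytype):
    """Build a CONSTRUCTED header-only blob (dummy bytes, not a usable key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(keytype) + s(b"\x00" * 32)
    blob = (MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
            + s(pub) + s(b"\x00" * 16))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"{NEW_BEGIN}\n{body}\n{NEW_END}\n"

if __name__ == "__main__":
    for args in [(b"none", b"none", b"ssh-ed25519"),
                 (b"aes256-ctr", b"bcrypt", b"ssh-rsa")]:
        print(inspect_private_key(constructed_sample(*args)))
```

A result with "encrypted" false means the key was created without a passphrase; "legacy-pem" means it was not written in the new format.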

