svn commit: r49211 - head/en_US.ISO8859-1/articles/committers-guide

Kubilay Kocak koobs at FreeBSD.org
Thu Aug 4 07:11:27 UTC 2016


On 4/08/2016 1:43 AM, Benedict Reuschling wrote:
> Author: bcr
> Date: Wed Aug  3 15:43:10 2016
> New Revision: 49211
> URL: https://svnweb.freebsd.org/changeset/doc/49211
> 
> Log:
>   Remove mention of specific key types to discourage the generation
>   of old and potentially insecure keys.
>   
>   Discussed with:	    David Wolfskill
> 
> Modified:
>   head/en_US.ISO8859-1/articles/committers-guide/article.xml
> 
> Modified: head/en_US.ISO8859-1/articles/committers-guide/article.xml
> ==============================================================================
> --- head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 13:59:21 2016	(r49210)
> +++ head/en_US.ISO8859-1/articles/committers-guide/article.xml	Wed Aug  3 15:43:10 2016	(r49211)
> @@ -3105,7 +3105,7 @@ Relnotes:           yes</programlisting>
>      <procedure>
>        <step>
>  	<para>If you do not wish to type your password in every time
> -	  you use &man.ssh.1;, and you use RSA or DSA keys to
> +	  you use &man.ssh.1;, and you use keys to
>  	  authenticate, &man.ssh-agent.1; is there for your
>  	  convenience.  If you want to use &man.ssh-agent.1;, make
>  	  sure that you run it before running other applications.  X
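
Review bot: On the changed line, "and you use keys to authenticate" is vaguer than it needs to be now that "RSA or DSA" is gone; "and you use SSH keys to authenticate" or "and you use public key authentication" would read more clearly. The log message gives the aim as discouraging old and potentially insecure keys, but the paragraph as changed no longer says anything about which keys to generate, so a short pointer to where key generation is described would cover that.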

Without making a bikeshed out of it, could we provide some basic
recommendations here? Examples (note: *just* examples)

rsa with new key format, preferred bits, explicit passphrase

-o -t rsa -b <whateverwewant> -N <passphrase>

ed25519 with new key format, explicit passphrase

-t ed25519 -o -N <passphrase> (new format)

These might help ensure people don't accidentally (or through lack of
knowledge) create keys without passphrases, and provide a bump up on the
(openssh) defaults.

I'd be happy to write something short and sweet up in the wiki for
review first if needed, as well as get input from secteam and other
people as well.

