Why should I disable insecure SSH hostkeys if I never plan on using them?

quantfinancequest

10/9/23, 7:45 PM

A number of articles suggest removing insecure (broken) SSH key types in order to have a more secure server. In practice, if I only connect to the server with secure key types, why should I bother deleting insecure key types? What is a practical attack that can be performed if I do not remove these key types.

From SSH audit:

Disable the DSA and ECDSA host keys

From Secure Secure Shell:

DSA keys must be exactly 1024 bits so let’s disable that. Number 2 here involves NIST suckage and should be disabled as well.

0 + 2

ssh

hardening

cryptography

Gerald Schneider

10/9/23, 8:00 PM

This question seems better suited for [security.se].

quantfinancequest

10/9/23, 8:02 PM

I will move it there. Thank you.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Why should I disable insecure SSH hostkeys if I never plan on using them?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.