[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-unix-dev
Subject: Possibility to use shorter RSA keys when absolutely necessary
From: Antti Louko <alo () louko ! com>
Date: 2020-06-12 12:11:24
Message-ID: 56cf9701-3d23-ec05-8738-c25d12ddcc7e () louko ! com
[Download RAW message or body]
Hello,
I have struggled with older network gear, where either it is not possible
because of the lack of new FW or lack of permit to upgrade. If you think that
having this option needs more safeguards, please give ideas on what kind of
extra checks or options or anything.
So I added the option RSAMinimumModulusSize which can lower the now hardcoded
SSH_RSA_MINIMUM_MODULUS_SIZE. I also implemented a hard limit to prevent
ridiculously show keys.
I think it is better ti use up to date OpenSSH instead of your own specially
compiled binary or telnet.
I made a bug report here: https://bugzilla.mindrot.org/show_bug.cgi?id=3174 and
a pull request here: https://github.com/openssh/openssh-portable/pull/188 .
Please comment!
BR
Antti Louko
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic