bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-29 11:56 UTC
[Bug 3127] New: Show a meaningful error message when key size is less than 1024 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=3127

            Bug ID: 3127
           Summary: Show a meaningful error message when key size is less than 1024 bits
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: p.bodnar at centrum.cz

This relates to bug 2666.

As written in the release notes of OpenSSH, this changed and is hard-coded in the version 7.6:

    Refuse RSA keys <1024 bits in length and improve reporting for keys that do not meet this requirement.

Still, even in the latest version 8.2p1, all that is returned from the `ssh-keygen -lf id_rsa.pub` command when a key size is less than 1024 bits is this:

    id_rsa.pub is not a public key file

In order not to mislead / confuse users, please show a message like this instead:

    id_rsa.pub is not a supported public key file because its size is less than 1024 bits

BTW It is also not clear what is the reason for not showing the hash of the key by the `ssh-keygen` command - isn't the command able to calculate hashes of any RSA key? Shouldn't the key refusal happen only at commands where it really matters?

Environment: Tested with OpenSSH in Cygwin, Windows as well as in Git.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-29 12:09 UTC
[Bug 3127] Show a meaningful error message when key size is less than 1024 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=3127

--- Comment #1 from Petr Bodnar <p.bodnar at centrum.cz> ---
Note: By hash, I mean fingerprint.

Also note that the limit doesn't seem to be documented, or at least I can't find a note on it at official https://man.openbsd.org/ssh-keygen, other than at the "-b" switch which only describes key creation though.

--
You are receiving this mail because:
You are watching the assignee of the bug.
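Added example, not part of the bug thread and not OpenSSH code: Python that parses an ssh-rsa public key line, computes the SHA256 fingerprint from the key blob, and states the modulus size as the reason when a key falls under the 1024-bit limit quoted in the report. All function names and the sample key generator are constructed for illustration; the generated keys are not real RSA keys.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 1024  # limit quoted in the bug report (OpenSSH 7.6 and later)


def _mpint(n):
    # RFC 4251 mpint for a positive integer: big-endian, leading zero if MSB is set
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw


def make_pubkey_line(bits, comment="constructed@example"):
    # Constructed sample, not a usable key: an odd integer of exactly `bits` bits
    n = (1 << (bits - 1)) | 1
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + _mpint(65537) + _mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def _read_string(blob, off):
    # One length-prefixed field of the key blob, with bounds checks
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end


def inspect_rsa_pubkey(line):
    """Return (bits, sha256_fingerprint, verdict) for one ssh-rsa public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = _read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _e, off = _read_string(blob, off)       # public exponent
    n_raw, off = _read_string(blob, off)    # modulus
    bits = int.from_bytes(n_raw, "big").bit_length()
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    if bits < MIN_RSA_BITS:
        return bits, fp, "unsupported: RSA modulus is %d bits, minimum is %d" % (bits, MIN_RSA_BITS)
    return bits, fp, "ok"
```

The fingerprint depends only on the encoded blob, so it can be computed for a key of any size; the size check is a separate policy decision reported alongside it.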