bugzilla-daemon at mindrot.org
2020-May-30 20:22 UTC
[Bug 3174] New: Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.
bugzilla.mindrot.org/show_bug.cgi?id=3174 Bug ID: 3174 Summary: Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request. Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org Reporter: sinihappo at alo.fi Created attachment 3404 --> bugzilla.mindrot.org/attachment.cgi?id=3404&action=edit Patch to implement the option I have struggled with older network gear, where either it is not possible because of the lack of new FW or lack of permit to upgrade. If you think that having this option needs more safeguards, please give ideas on what kind of extra checks or options or anything. So I implemented the option to lower the (now) hard limit of SSH_RSA_MINIMUM_MODULUS_SIZE. There is still real hard limit defined in the source code. My rationale for this option is that it is better to be able to use the same OpenSSH program to connect to older gear as well instead of having to compile a separate binary now and then to be able to connect. This way, one automatically uses the latest OpenSSH instead of some old version. I made a pull request of this here: github.com/openssh/openssh-portable/pull/188 I am sorry if this bothers someone but as I implemented this, I also thought it is better to offer it here, too. And again, if anyone has better ideas to solve my (and there are others, I googled!) problem, please discuss this! -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-May-30 20:31 UTC
[Bug 3174] Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.
bugzilla.mindrot.org/show_bug.cgi?id=3174 Antti Louko <sinihappo at alo.fi> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |sinihappo at alo.fi -- You are receiving this mail because: You are watching the assignee of the bug.