bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-29 11:56 UTC
[Bug 3127] New: Show a meaningful error message when key size is less than 1024 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=3127
Bug ID: 3127
Summary: Show a meaningful error message when key size is less
than 1024 bits
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: p.bodnar at centrum.cz

This relates to bug 2666. As written in the release notes of OpenSSH,
this changed and is hard-coded in the version 7.6:

    Refuse RSA keys <1024 bits in length and improve reporting for keys
    that do not meet this requirement.

Still, even in the latest version 8.2p1, all that is returned from the
`ssh-keygen -lf id_rsa.pub` command when a key size is less than 1024
bits is this:

    id_rsa.pub is not a public key file

In order not to mislead / confuse users, please show a message like
this instead:

    id_rsa.pub is not a supported public key file because its size is
    less than 1024 bits

BTW It is also not clear what is the reason for not showing the hash of
the key by the `ssh-keygen` command - isn't the command able to
calculate hashes of any RSA key? Shouldn't the key refusal happen only
at commands where it really matters?

Environment: Tested with OpenSSH in Cygwin, Windows as well as in Git.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-29 12:09 UTC
[Bug 3127] Show a meaningful error message when key size is less than 1024 bits
https://bugzilla.mindrot.org/show_bug.cgi?id=3127

--- Comment #1 from Petr Bodnar <p.bodnar at centrum.cz> ---
Note: By hash, I mean fingerprint. Also note that the limit doesn't
seem to be documented, or at least I can't find a note on it at
official https://man.openbsd.org/ssh-keygen, other than at the "-b"
switch which only describes key creation though.

--
You are receiving this mail because:
You are watching the assignee of the bug.
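
An added example, not part of the bug report and not OpenSSH code: a way to tell whether a `.pub` file that `ssh-keygen -lf` rejects is simply an RSA key below the 1024-bit limit, by reading the modulus size from the SSH wire-format blob and computing the SHA256 fingerprint from the same bytes. The function names are hypothetical, and the sample keys are constructed in the code with a modulus of the right length that is not a real RSA modulus.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 1024  # limit from the OpenSSH 7.6 release note quoted in the report

def _read_string(blob, off):
    """Read one SSH wire-format string: uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def inspect_pubkey_line(line):
    """Return type, RSA modulus size and SHA256 fingerprint of a .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != fields[0].encode():
        raise ValueError("key type in blob does not match the text prefix")
    bits = None
    if ktype == b"ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
    # The fingerprint is a hash over the raw blob, independent of key size.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": fields[0], "bits": bits, "fingerprint": fingerprint,
            "too_small": bits is not None and bits < MIN_RSA_BITS}

def make_sample_line(bits):
    """Constructed sample: an ssh-rsa blob whose modulus is NOT a real RSA modulus."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data

    def mpint(value):  # positive mpint, leading zero byte when the top bit is set
        return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

    modulus = (1 << (bits - 1)) | 1
    blob = ssh_string(b"ssh-rsa") + mpint(65537) + mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    for size in (768, 2048):
        print(inspect_pubkey_line(make_sample_line(size)))
```

To check a real file, pass its single line to `inspect_pubkey_line`; `too_small` being true explains the "is not a public key file" message described in the report.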