search for: serverkeybit

Hi eveyone, Is there a way to set the minimum size accepted by sshd as an RSA public key? I want to restrict users to using RSA keys that are generated with ssh-keygen -b 2048 or greater. I didn't see any option in sshd_config. There is a ServerKeyBits option, but that seems to apply only for SSHv1. Please help me and provide your response.Thanks in advance. Regards Ravi Pratap

...t. I suppose that the key generation is too expensive for that processor. Is there something I can try to make it work better ? Can we change the key length or use another encryption algorythm which is less CPU-expensive ? Which one of the available cipher is the less CPU expensive ? Can I change ServerKeyBits in sshd_config without breaking interoperability ? Any inputs point me somewhere where I can look further is welcomed. Feel free to point me to the right documentation if such one exists, but my search have been unsuccessfull until now (including the search on the list archive). Thank you for yo...

...use_authtok session required /lib/security/pam_pwdb.so session required /lib/security/pam_limits.so The contents of sshd_config are: Port 22 Protocol 2,1 HostKey /usr/local/etc/ssh/ssh_host_key HostKey /usr/local/etc/ssh/ssh_host_rsa_key HostKey /usr/local/etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes RhostsRSAAuthentication StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes PrintLastLog no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication no HostbasedAuthentication no R...

...ng crc compensation attack detector. debug1: Received encrypted confirmation. debug1: Doing password authentication. mr at tcm30's password: " # This is ssh server systemwide configuration file. " Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh_host_key RandomSeed /etc/ssh_random_seed ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 7200 PermitRootLogin yes IgnoreRhosts no StrictModes yes QuietMode no X11Forwarding yes X11DisplayOffset 10 FascistLogging no PrintMotd yes KeepAlive yes SyslogFacility DAEMON RhostsAuthentication yes RhostsRSAAuthentication yes RSAAuthentication no P...

...Address 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 HostKey /usr/local/etc/ssh_host_key # HostKeys for protocol version 2 HostKey /usr/local/etc/ssh_host_rsa_key HostKey /usr/local/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging SyslogFacility AUTH LogLevel INFO #obsoletes QuietMode and FascistLogging # Authentication: LoginGraceTime 600 PermitRootLogin yes StrictModes no RSAAuthentication no PubkeyAuthentication no AuthorizedKeysFile %h/.ssh/authorized_keys # rhosts authentication should not be used Rh...

....3 Apr 8 22:03:29 fuzzball sshd[27946]: Cannot close PAM session: System error Apr 8 22:03:29 fuzzball sshd[27946]: Cannot delete credentials: Authentication # This is ssh server systemwide configuration file. Port 22 ListenAddress 0.0.0.0 #ListenAddress :: HostKey /usr/local/etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset...

...m FreeBSD-20030423 Port 22 Protocol 2 #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 3600 #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging SyslogFacility AUTH LogLevel INFO # Authentication: #LoginGraceTime 120 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys # rhosts authentication should not be us...

....0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /usr/local/etc/ssh_host_key # HostKeys for protocol version 2 HostKey /opt/talisen/ssh/ssh-host-rsa-key HostKey /opt/talisen/ssh/ssh-host-dsa-key # Lifetime and size of ephemeral version 1 server key KeyRegenerationInterval 3600 ServerKeyBits 768 # Logging #SyslogFacility AUTH SyslogFacility LOCAL7 LogLevel DEBUG3 #obsoletes QuietMode and FascistLogging # Authentication: LoginGraceTime 600 PermitRootLogin no StrictModes yes RSAAuthentication yes PubkeyAuthentication yes #AuthorizedKeysFile %h/.ssh/authorized_keys2 # rhost...

...ion 2) OpenSSL version 0.9.5a (downloaded as Redhat RPMs, revision 3) PPP version 2.3.10 One exposed external IP address (for this list, assume to be 100.100.100.100) /etc/ssh/sshd_config: Port 22 Protocol 2,1 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostDSAKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin no IgnoreRhosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10 PrintMotd yes KeepAlive yes /etc/ppp/options: lock local noauth proxyarp Client information: *Stock Redhat 6.2 machine running a 2.2.17pre20 kernel OpenSSH...

...v 1.32 2001/02/06 22:07:50 deraadt Exp $ # This is the sshd server system-wide configuration file. See sshd(8) # for more information. Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_dsa_key #HostKey /etc/ssh/ssh_host_rsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset 10...

...ss 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /usr/local/etc/ssh_host_key # HostKeys for protocol version 2 #HostKey /usr/local/etc/ssh_host_rsa_key #HostKey /usr/local/etc/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work...

...y any #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to wor...

http://bugzilla.mindrot.org/show_bug.cgi?id=774 Summary: banner is displaying twice (/etc/issue) Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Solaris Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy:

...ostKey ${SYSCONFDIR}/ssh_host_key # HostKeys for protocol version 2 -HostKey /etc/ssh_host_rsa_key -HostKey /etc/ssh_host_dsa_key +#HostKey ${SYSCONFDIR}/ssh_host_rsa_key +#HostKey ${SYSCONFDIR}/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server ke -KeyRegenerationInterval 3600 -ServerKeyBits 768 +#KeyRegenerationInterval 3600 +#ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO #obsoletes QuietMode and FascistLogging +#SyslogFacility AUTH +#LogLevel INFO # Authentication: -LoginGraceTime 600 -PermitRootLogin yes +#LoginGraceTime 600 +#PermitRootLogin yes # The f...

...ND the user has his identity.pub from his client computer in the authorized_keys on the server? This would require two keys to be able to log in. I thought this was ssh would work with the following sshd_config file: --- BEGIN FILE --- Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes KeepAlive yes CheckMail no UseLogin no SyslogFacility AUTH LogLevel INFO RhostsRSAAuthentication yes IgnoreRhosts yes RhostsAuthentication no IgnoreUserKnownH...

....3 Apr 8 22:03:29 fuzzball sshd[27946]: Cannot close PAM session: System error Apr 8 22:03:29 fuzzball sshd[27946]: Cannot delete credentials: Authentication # This is ssh server systemwide configuration file. Port 22 ListenAddress 0.0.0.0 #ListenAddress :: HostKey /usr/local/etc/ssh_host_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don't read ~/.rhosts and ~/.shosts files IgnoreRhosts yes # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding no X11DisplayOffset...

...table/openssh-2.2.0p1-vs-openbsd.diff.gz) --- ssh-openbsd-2000090200/sshd_config Tue Aug 8 16:55:05 2000 +++ openssh-2.2.0p1/sshd_config Wed Aug 30 09:40:09 2000 @@ -2,7 +2,7 @@ Port 22 #Protocol 2,1 -#ListenAddress 0.0.0.0 +ListenAddress 0.0.0.0 #ListenAddress :: HostKey /etc/ssh_host_key ServerKeyBits 768 ---- Why? If there's no ListenAddress ssh listens on all addresses: --- ListenAddress Specifies what local address sshd should listen on. The default is to listen to all local addresses. Multiple options of this type are permitted. Additiona...

...ms to be accepted regardless when DSA authentication is not available. Client and server are Linux - openssh-2.5.2p2-1.7.2 Server config is: Port 22 ListenAddress 0.0.0.0 HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_dsa_key KeyRegenerationInterval 3600 LoginGraceTime 600 ServerKeyBits 768 IgnoreRhosts yes PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin yes RSAAuthentication yes RhostsAuthentication no RhostsRSAAuthentication no StrictModes yes X11DisplayOffset 10 X11Forwarding no CheckMail no KeepAlive yes PrintMotd yes SyslogFacili...

...se gssapi_client.store.filename is empty. We are using also pam_krb5, but with option minimal_uid=200, so the root login is not affected. My sshd_config: Port 22 Protocol 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key UsePrivilegeSeparation yes KeyRegenerationInterval 3600 ServerKeyBits 768 SyslogFacility AUTH LogLevel INFO LoginGraceTime 120 PermitRootLogin yes StrictModes yes RSAAuthentication yes PubkeyAuthentication yes IgnoreRhosts yes RhostsRSAAuthentication no HostbasedAuthentication no RhostsRSAAuthentication PermitEmptyPasswords no ChallengeResponseAuthentication n...

...ut 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa @@ -397,7 +399,7 @@ Port $port_number #HostKey ${SYSCONFDIR}/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 3600 +#KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging @@ -407,7 +409,7 @@ Port $port_number # Authentication: -#LoginGraceTime 120 +#LoginGraceTime 2m #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -...