Displaying 11 results from an estimated 11 matches for "ssh_rsa_minimum_modulus_size".
2008 Jul 08
1
SSH_RSA_MINIMUM_MODULUS_SIZE
Hi,
is there any chance to make SSH_RSA_MINIMUM_MODULUS_SIZE configurable?
I keep receiving these messages:
ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server_host_key
And it's quite a hassle to recompile each time I need to use it (there
are still devices where you can't fix it easily).
Thanks
Mich...
2017 Sep 22
2
Call for testing: OpenSSH 7.6
...auth(struct ssh_sandbox *, pid_t);
+#define setrlimit(x,y) (0)
diff --git a/sshkey.c b/sshkey.c
index e91c54f..cfdd437 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1394,8 +1394,11 @@ rsa_generate_private_key(u_int bits, RSA **rsap)
if (rsap == NULL)
return SSH_ERR_INVALID_ARGUMENT;
if (bits < SSH_RSA_MINIMUM_MODULUS_SIZE ||
- bits > SSHBUF_MAX_BIGNUM * 8)
+ bits > SSHBUF_MAX_BIGNUM * 8) {
+ fprintf(stderr, "%s bits %d min %d max %d\n", __func__, bits,
+ SSH_RSA_MINIMUM_MODULUS_SIZE, SSHBUF_MAX_BIGNUM);
return SSH_ERR_KEY_LENGTH;
+ }
*rsap = NULL;
if ((private = RSA_new()) == NUL...
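Review bot: the added fprintf prints SSHBUF_MAX_BIGNUM as "max", but the condition just above it compares bits against SSHBUF_MAX_BIGNUM * 8, so the reported upper bound is not in the same units as bits and min; print SSHBUF_MAX_BIGNUM * 8 instead. bits is declared u_int in the function signature, so %u is the matching format rather than %d. Writing straight to stderr from rsa_generate_private_key also reads as temporary debugging output, since the caller already receives SSH_ERR_KEY_LENGTH; it should not stay in the final change.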
2017 Sep 21
19
Call for testing: OpenSSH 7.6
Hi,
OpenSSH 7.6p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2018 Jan 02
3
Legacy option for key length?
...tor that is easily reachable by a medium botnet or cloud service.
Adding a switch to turn these back on would be IMO irresponsible.
If you think this is overly parentalistic and that an experienced
admin is the one best equipped to assess risk, then I'd direct said
experienced admin to the SSH_RSA_MINIMUM_MODULUS_SIZE definition in
sshkey.h that they can adjust themselves.
-d
2017 Jan 21
3
[Bug 2666] New: Ability to specify minimum RSA key size for user keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2666
Bug ID: 2666
Summary: Ability to specify minimum RSA key size for user keys
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee:
2013 May 15
2
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
Functionality request for supporting Digital Signatures for RSA and DSS
Public Key Algorithms in alignment with NIST SP800-131A.
I assume this has been asked before, but I could not find in the
archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key
algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH
Extension Algorithms are supported, but not a
2020 May 30
1
[Bug 3174] New: Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.
...network gear, where either it is not
possible because of the lack of new FW or lack of permit to upgrade. If
you think that having this option needs more safeguards, please give
ideas on what kind of extra checks or options or anything.
So I implemented the option to lower the (now) hard limit of
SSH_RSA_MINIMUM_MODULUS_SIZE. There is still a real hard limit defined
in the source code.
My rationale for this option is that it is better to be able to use the
same OpenSSH program to connect to older gear as well instead of having
to compile a separate binary now and then to be able to connect. This
way, one automatically...
2002 May 23
0
OpenSSH 3.2.3 released
...- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
Other Changes:
==============
- improved smartcard support (including support for OpenSC,
see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forw...
2013 Jul 10
1
How to set minimum size of accepted rsa key
Hi everyone,
Is there a way to set the minimum size accepted by sshd as an RSA public
key?
I want to restrict users to using RSA keys that are generated with
ssh-keygen -b 2048 or greater.
I didn't see any option in sshd_config. There is a ServerKeyBits option,
but that seems to apply only for SSHv1.
Please help me and provide your response. Thanks in advance.
Regards
Ravi Pratap
2017 Dec 29
5
Legacy option for key length?
All,
I occasionally manage some APC PDU devices. I manage them via a VPN,
which enforces super-heavy crypto, and their access is restricted to only
jumphosts and the VPN. Basically, the only time you need to log into
these is when you go to reboot something that's down.
Their web UI with SSL doesn't work with modern browsers.
Their CPU is...tiny, and their SSHd implementation
2002 May 16
5
OpenSSH 3.2.2 released
...oken passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
see UsePrivilegeSeparation in sshd(8) and
http://www.citi.umich.edu/u/provos/ssh/privsep.html
for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
Other Changes:
==============
- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in prot...