similar to: [Bug 1647] Implement FIPS 186-3 for DSA keys

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 Summary: Implement FIPS 186-3 for DSA keys Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

<bugzilla-daemon at mindrot.org> writes: > https://bugzilla.mindrot.org/show_bug.cgi?id=1647 > > mackyle at gmail.com changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |mackyle at gmail.com > > --- Comment #2 from

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 mackyle at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mackyle at gmail.com --- Comment #2 from mackyle at gmail.com --- RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data

https://bugzilla.mindrot.org/show_bug.cgi?id=1647 mackyle at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mackyle at gmail.com --- Comment #2 from mackyle at gmail.com --- RFC 6668 [1] (2012-07) updated RFC 4253 adding the SHA-256 data

Hi, Why is there still a limit on the length of a DSA key generated by ssh-keygen? I mean that ssh-keygen only expects 1024 as key length, or fails. Here is the code excerpt that enforces the limitation: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); Commenting these two lines allows the generation of, say, 2048 bit DSA keys that work just fine

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED CC|

Looking at ssh-keygen.c from openssh-6.2p2.tar.gz lines 186-187: if (type == KEY_DSA && *bitsp != 1024) fatal("DSA keys must be 1024 bits"); It appears to me that ssh-keygen will only generate 1024 bit DSA keys. Is that still current? FIPS 186-3 (2009-06) section 4.2 and FIPS 186-4 [1] (2013-07) section 4.2 state: 4.2 Selection of Parameter Sizes

https://bugzilla.mindrot.org/show_bug.cgi?id=2115 Bug ID: 2115 Summary: Support for DSA p=2048 q=256/224 bit keys Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2115 Bug ID: 2115 Summary: Support for DSA p=2048 q=256/224 bit keys Product: Portable OpenSSH Version: 6.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

http://bugzilla.mindrot.org/show_bug.cgi?id=211 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX ------- Additional Comments From djm at mindrot.org 2003-01-07 17:54

Hi, I was trying to run sshd after applying the fips patches mentioned in http://www.gossamer-threads.com/lists/engine?do=post_attachment;postatt_id=1835;list=openssh but for some reason sshd refuses to accept the connection. I guess I do something terribly wrong. Is there a reason that this is bound to fail? These 5.6 patches were the most recent I could find. Are there any fips patches

I just found that trying to specify a DSA identity file with '-i' doesn't work. Although the man page doesn't indicate that this is supported for DSA keys, it also doesn't indicate very clearly that its _not_. Indeed, in ssh.c:main(), the "-i" only increments and sets: options.options.num_identity_files options.identity_files where it would need to modify:

When I try to create a dsa set of key files with -b 999, the key appears to be created with the default of 1024. This does not happen for type rsa or rsa1 keys. They get created with the number of bits I specified. I can't find this problem in the archives. DSA key generation: SY1 97 /SYSTEM/tmp> ssh-keygen -b 999 -t dsa Generating public/private dsa key pair. Enter file in which to

https://bugzilla.mindrot.org/show_bug.cgi?id=1469 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #10 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with

Hi, I believe I may have found a bug with OpenSSH 2.5.2p2 My guess would be that it exists with 2.5.x, though my only experience so far has been ONLY with Red Hat's RPMS openssh-2.5.2p2-1.7.i386.rpm and openssh-2.5.2p2-1.7.2.i386.rpm It seems that ssh-keygen can generate a large DSA identity key easily (ssh-keygen -t dsa -b 2048), but that ssh itself cannot handle such a large key and

http://bugzilla.mindrot.org/show_bug.cgi?id=884 Summary: DSA keys (id_dsa.pub) with 8192 bytes or more aren't correctly recognized Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: ssh

Does agent forwarding work with DSA keys? I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC). If I ssh-add my RSA key into the local agent and ssh to another machine, the agent connection is forwarded properly. (I can say "ssh-add -l" and see my keys.) If I ssh-add my DSA key into the local agent and "ssh -2" to another machine, the agent connection

https://bugzilla.mindrot.org/show_bug.cgi?id=2662 Bug ID: 2662 Summary: Does it still make sense to use DSA host keys by default? Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

http://bugzilla.mindrot.org/show_bug.cgi?id=566 Summary: ssh-keygen -l does not print key comment for rsa/dsa keys Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: ssh-keygen AssignedTo: