
Mailing List Archive: OpenSSH: Dev

[PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE

 

 



rebel at atrey

Aug 27, 2008, 5:21 AM

Post #1 of 4 (1633 views)
[PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE

Hello,

trying again, with a patch now (only for the client).

Currently it's not possible to change this without recompiling so any way
to prevent that would do and command line seems to be the easiest.

Would something like this be acceptable?

Thanks.
Michal


On Tue, 8 Jul 2008, Michal Svec wrote:

>
> Hi,
>
> is there any chance to make SSH_RSA_MINIMUM_MODULUS_SIZE configurable?
> I keep receiving these messages:
>
> ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
> key_verify failed for server_host_key
>
> And it's quite a hassle to recompile each time I need to use it (there
> are still devices where you can't fix it easily).
>
> Thanks
> Michal
>
Attachments: ssh_rsa_minimum_modulus_size-5.1p1.patch (2.74 KB)


djm at mindrot

Aug 27, 2008, 8:38 AM

Post #2 of 4 (1455 views)
Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE [In reply to]

On Wed, 27 Aug 2008, Michal Svec wrote:

>
> Hello,
>
> trying again, with a patch now (only for the client).
>
> Currently it's not possible to change this without recompiling so any way to
> prevent that would do and command line seems to be the easiest.
>
> Would something like this be acceptable?

No, we don't want a proliferation of config options.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


rebel at atrey

Aug 28, 2008, 1:22 AM

Post #3 of 4 (1457 views)
Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE [In reply to]

On Thu, 28 Aug 2008, Damien Miller wrote:

>> trying again, with a patch now (only for the client).
>>
>> Currently it's not possible to change this without recompiling so any way to
>> prevent that would do and command line seems to be the easiest.
>>
>> Would something like this be acceptable?
>
> No, we don't want a proliferation of config options.

Hmm, other ways how to do this are an option in the config file or
environment variable. Would either of those be better?

I don't see any other way, currently one has to patch&recompile openssh
each time he wants to update to a new version, that's far from optimal.

Michal


djm at mindrot

Aug 28, 2008, 7:40 AM

Post #4 of 4 (1441 views)
Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE [In reply to]

On Thu, 28 Aug 2008, Michal Svec wrote:

> Hmm, other ways how to do this are an option in the config file or
> environment variable. Would either of those be better?
>
> I don't see any other way, currently one has to patch&recompile openssh
> each time he wants to update to a new version, that's far from optimal.

Your needs are special - the vast majority of OpenSSH users will never
need to change this setting. Therefore a compile-time option is
appropriate.

-d
