[Bug 2666] New: Ability to specify minimum RSA key size for user keys
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 21 18:10:58 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2666
Bug ID: 2666
Summary: Ability to specify minimum RSA key size for user keys
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: aaronmdjones at gmail.com
The `PubkeyAcceptedKeyTypes' sshd_config(5) option allows a system
administrator to restrict the kinds of keys that can be used by users
to log in to the system; and they can disable e.g.
`ecdsa-sha2-nistp256' and `ecdsa-sha2-nistp384' while still allowing
`ecdsa-sha2-nistp521', but they cannot restrict the RSA key size if
they allow `ssh-rsa'.
This bug is a feature request for a `PubkeyAcceptedRSAMinKeySize'
option (or similar naming).
If a user attempts to login with a e.g. 2048-bit RSA key, and this is
set to something higher than 2048, the user should be denied access.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list