[Bug 2666] New: Ability to specify minimum RSA key size for user keys

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Jan 21 18:10:58 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2666

            Bug ID: 2666
           Summary: Ability to specify minimum RSA key size for user keys
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: aaronmdjones at gmail.com

The `PubkeyAcceptedKeyTypes' sshd_config(5) option allows a system
administrator to restrict the kinds of keys that can be used by users
to log in to the system; and they can disable e.g.
`ecdsa-sha2-nistp256' and `ecdsa-sha2-nistp384' while still allowing
`ecdsa-sha2-nistp521', but they cannot restrict the RSA key size if
they allow `ssh-rsa'.

This bug is a feature request for a `PubkeyAcceptedRSAMinKeySize'
option (or similar naming).

If a user attempts to login with a e.g. 2048-bit RSA key, and this is
set to something higher than 2048, the user should be denied access.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list