[Bug 2897] Short RSA key in RevokedKeys prevents everyone from logging in
bugzilla-daemon at bugzilla.mindrot.org
Fri Sep 21 13:32:31 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2897
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                        |Added
----------------------------------------------------------------------------
             Status|NEW                            |ASSIGNED
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
                 CC|                               |djm at mindrot.org,
                   |                               |dtucker at dtucker.net
   Attachment #3178|                               |ok?(dtucker at dtucker.net)
              Flags|                               |
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3178
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3178&action=edit
ignore invalid key length errors in sshkey_in_file()

This silently ignores SSH_ERR_KEY_LENGTH errors in sshkey_in_file().
This function is currently used in two places: revocation and listing
CA keys.

Ignoring SSH_ERR_KEY_LENGTH is safe in the CA path because we'd never
accept one of those keys as a CA key.

Ignoring the error in the revocation path is safe because we refuse
those keys for authentication too. IMO it's worth allowing revoked keys
lists with invalid short keys present as it supports sharing revocation
lists between different OpenSSH versions (some of which may not ban
short keys).

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
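
The skip-on-short-key behaviour described in comment #1, as an added example that is not part of the original message and is not OpenSSH code: a Python model that decodes `ssh-rsa` public-key lines and scans a revocation list for a target key. `MIN_RSA_BITS`, `KeyLengthError`, `key_in_file`, `parse_pubkey` and the sample lines built by `make_rsa_line` are assumptions made for this illustration.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # assumption: set to the minimum your sshd enforces

class KeyLengthError(ValueError):
    """Hypothetical stand-in for the SSH_ERR_KEY_LENGTH condition."""

def _string(b):  # SSH wire "string": 32-bit big-endian length, then bytes
    return struct.pack(">I", len(b)) + b

def _read_string(blob, off):
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def make_rsa_line(n, e=65537):  # constructed sample line, not a usable key
    mp = lambda x: x.to_bytes(x.bit_length() // 8 + 1, "big")  # mpint body
    blob = _string(b"ssh-rsa") + _string(mp(e)) + _string(mp(n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed"

def parse_pubkey(line, min_bits=MIN_RSA_BITS):
    """Decode one 'type base64 [comment]' line; reject short RSA moduli."""
    ktype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, off = _read_string(blob, 0)
    if name != ktype.encode():
        raise ValueError("key type does not match blob")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        if int.from_bytes(n, "big").bit_length() < min_bits:
            raise KeyLengthError("RSA modulus below minimum")
    return blob

def key_in_file(target_line, file_lines, strict=False):
    """strict=True: a short key aborts the scan; strict=False: skip it."""
    target = parse_pubkey(target_line)
    for line in map(str.strip, file_lines):
        if not line or line.startswith("#"):
            continue
        try:
            if parse_pubkey(line) == target:
                return True
        except KeyLengthError:
            if strict:
                raise  # one bad entry fails every lookup against the list
    return False
```

With `strict=False` a short entry can never match, because the target key passes the same length check before the scan starts.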