[Bug 3127] New: Show a meaningful error message when key size is less than 1024 bits
bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 29 22:56:59 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3127
Bug ID: 3127
Summary: Show a meaningful error message when key size is less than 1024 bits
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: p.bodnar at centrum.cz
This relates to bug 2666. As written in the release notes of OpenSSH,
this changed and is hard-coded in the version 7.6:
    Refuse RSA keys <1024 bits in length and improve reporting for keys
    that do not meet this requirement.
Still, even in the latest version 8.2p1, all that is returned from the
`ssh-keygen -lf id_rsa.pub` command when a key size is less than 1024
bits is this:
    id_rsa.pub is not a public key file
In order not to mislead / confuse users, please show a message like
this instead:
    id_rsa.pub is not a supported public key file because its size is
    less than 1024 bits
BTW It is also not clear what is the reason for not showing the hash of
the key by the `ssh-keygen` command - isn't the command able to
calculate hashes of any RSA key? Shouldn't the key refusal happen only
at commands where it really matters?
Environment: Tested with OpenSSH in Cygwin, Windows as well as in Git.
--
You are receiving this mail because:
You are watching the assignee of the bug.
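
Added example, not part of the bug report and not OpenSSH code: a stand-alone check that reads the modulus length out of an `ssh-rsa` public key line (the RFC 4253 layout: string type, mpint e, mpint n) and reports an undersized key separately from an unparseable one, which is the distinction the report asks for. The function names, the message wording and the constructed sample keys are assumptions made for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # limit quoted in the report from the 7.6 release notes


def _read_field(blob, offset):
    """Read one field: uint32 big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated data")
    return blob[offset + 4:end], end


def describe_rsa_pubkey(line):
    """Classify a public key line, keeping 'too small' apart from 'unparseable'."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        return "not an ssh-rsa public key line"
    try:
        blob = base64.b64decode(fields[1], validate=True)
        key_type, off = _read_field(blob, 0)
        _exponent, off = _read_field(blob, off)
        modulus, off = _read_field(blob, off)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not a public key file"
    if key_type != b"ssh-rsa" or off != len(blob):
        return "not a public key file"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return f"unsupported RSA key: {bits} bits is less than {MIN_RSA_BITS} bits"
    return f"RSA key, {bits} bits"


def make_sample_line(bits):
    """Constructed ssh-rsa line; the dummy modulus is not a real RSA modulus."""
    def field(value):
        if isinstance(value, int):  # mpint: leading zero byte if top bit set
            value = value.to_bytes(value.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(value)) + value

    modulus = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + field(65537) + field(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Run over each line of an `authorized_keys` or `.pub` file, this flags RSA keys below the limit with their actual size instead of a generic parse failure.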