[Bug 3127] New: Show a meaningful error message when key size is less than 1024 bits

bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 29 22:56:59 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3127

            Bug ID: 3127
           Summary: Show a meaningful error message when key size is less
                    than 1024 bits
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: p.bodnar at centrum.cz

This relates to bug 2666. As written in the release notes of OpenSSH,
this changed and is hard-coded in version 7.6:

  Refuse RSA keys <1024 bits in length and improve reporting for keys
  that do not meet this requirement.

Still, even in the latest version 8.2p1, all that is returned from the
`ssh-keygen -lf id_rsa.pub` command when a key size is less than 1024
bits is this:

  id_rsa.pub is not a public key file

In order not to mislead / confuse users, please show a message like
this instead:

  id_rsa.pub is not a supported public key file because its size is
  less than 1024 bits

BTW It is also not clear what the reason is for not showing the hash of
the key by the `ssh-keygen` command - isn't the command able to
calculate hashes of any RSA key? Shouldn't the key refusal happen only
at commands where it really matters?

Environment: Tested with OpenSSH in Cygwin, Windows as well as in Git.
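
Added example, not part of the original report and not OpenSSH code: a stand-alone check that parses a public key line, reports the RSA modulus size against the 1024-bit minimum quoted above, and still computes the SHA256 fingerprint, which is a hash of the encoded key blob. The function names and the sample keys built by `make_rsa_line` are hypothetical and constructed for illustration.

```python
import base64, hashlib, struct

MIN_RSA_BITS = 1024  # minimum from the release note quoted in the report

def _read_string(blob, off):
    """Read one length-prefixed (uint32, big-endian) SSH string."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + n
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def describe_pubkey(line):
    """Return (key type, RSA modulus bits or None, SHA256 fingerprint, note)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = _read_string(blob, 0)
    ktype = ktype.decode("ascii")
    # Fingerprint: unpadded base64 of SHA-256 over the whole key blob.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    fp = "SHA256:" + digest
    if ktype != "ssh-rsa":
        return ktype, None, fp, "not RSA, size check skipped"
    _e, off = _read_string(blob, off)      # public exponent (mpint)
    n_raw, off = _read_string(blob, off)   # modulus (mpint)
    bits = int.from_bytes(n_raw, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return ktype, bits, fp, f"RSA key is {bits} bits, below the {MIN_RSA_BITS}-bit minimum"
    return ktype, bits, fp, "ok"

def make_rsa_line(bits):
    """Build a constructed ssh-rsa line; the modulus is NOT a usable RSA key."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mpint(v): return s(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1  # constructed value with exactly `bits` bits
    blob = s(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for size in (512, 2048):
        print(describe_pubkey(make_rsa_line(size)))
```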
