[Bug 3174] New: Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun May 31 06:22:31 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3174

            Bug ID: 3174
           Summary: Enable OpenSSH to connect older gear having
                    limitations on host RSA key length, implemented, see
                    the pull request.
           Product: Portable OpenSSH
           Version: 8.3p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: sinihappo at alo.fi

Created attachment 3404
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3404&action=edit
Patch to implement the option

I have struggled with older network gear, where either it is not
possible because of the lack of new FW or lack of permit to upgrade. If
you think that having this option needs more safeguards, please give
ideas on what kind of extra checks or options or anything.

So I implemented the option to lower the (now) hard limit of
SSH_RSA_MINIMUM_MODULUS_SIZE.  There is still a real hard limit defined
in the source code.

My rationale for this option is that it is better to be able to use the
same OpenSSH program to connect to older gear as well instead of having
to compile a separate binary now and then to be able to connect.  This
way, one automatically uses the latest OpenSSH instead of some old
version.

I made a pull request of this here:
https://github.com/openssh/openssh-portable/pull/188

I am sorry if this bothers someone but as I implemented this, I also
thought it is better to offer it here, too.

And again, if anyone has better ideas to solve my (and there are
others, I googled!) problem, please discuss this!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
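
An added example, not part of the original report or of OpenSSH: one way to inventory which hosts in a known_hosts file present RSA host keys shorter than a given minimum, so the gear that would need such an exception is known in advance. All function names, the sample host names and the threshold argument are assumptions made for illustration; the sample keys are constructed and are not real RSA moduli.

```python
import base64
import struct

def read_field(blob, off):
    """Read one length-prefixed SSH wire string; return (value, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length")
    (size,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob, None for other types."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = read_field(blob, 0)
    if key_type != b"ssh-rsa":
        return None
    _exponent, off = read_field(blob, off)
    modulus, _ = read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def short_rsa_hosts(known_hosts_text, minimum_bits):
    """Yield (hosts, bits) for RSA host keys shorter than minimum_bits."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):   # @cert-authority / @revoked
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        try:
            bits = rsa_modulus_bits(fields[2])
        except ValueError:                          # malformed base64 or blob
            continue
        if bits is not None and bits < minimum_bits:
            yield fields[0], bits

def sample_rsa_blob(bits):
    """Constructed test blob: right wire format, modulus is NOT a real RSA key."""
    n = (1 << (bits - 1)) | 1
    parts = [b"ssh-rsa", b"\x01\x00\x01", n.to_bytes(bits // 8 + 1, "big")]
    wire = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(wire).decode()

SAMPLE = ("old-switch.example ssh-rsa " + sample_rsa_blob(768) + "\n"  # constructed
          "new-router.example ssh-rsa " + sample_rsa_blob(2048) + "\n")

if __name__ == "__main__":
    print(list(short_rsa_hosts(SAMPLE, 1024)))
```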

