warning about keys too small

Bryan Henderson bryanh at giraffe-data.com
Fri Jun 7 12:34:12 EST 2002


I suggest a warning be added to the ssh-keygen documentation, if not 
ssh-keygen output, that using the -b option to select fewer than 768 bits
will generate a key that can't be used as a host key.

Actually, I don't know whose requirement the 768 minimum is, but OpenSSH's
'ssh' program is coded to reject keys shorter than that.  I had availed
myself of the ssh-keygen -b option to make a 512 bit key because I have
a low security requirement and thought it might speed things up.

Also:  I appreciate the error message from Ssh telling me that the host key
is too short and that it is 512 bits, but it would be better still if the 
message would tell me what wouldn't be too short.  Reading source code, I
see it's 768 bits.  If the message went on to explain that the host needs
a new host key before a connection will be possible, that would make the
failure even less frustrating.

-- 
Bryan Henderson                                    Phone 408-621-2000
San Jose, California
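
A key-size audit that produces the kind of message the post asks for, naming both the size found and the minimum required. This is an added example, not part of the original post and not OpenSSH code. It assumes input in `ssh-keygen -l` format, where the first field of each line is the key size in bits; the function name `check_key_bits` and the sample lines are constructed, and the 768-bit default is the figure the post reports.

```shell
#!/bin/sh
# Flag keys shorter than a minimum size.
# Reads `ssh-keygen -l` style lines on stdin: "<bits> <fingerprint> <comment>".
# Real use (path is a placeholder):
#   ssh-keygen -l -f /path/to/host_key.pub | check_key_bits 768

check_key_bits() {
    # $1 = minimum acceptable size in bits; 768 is the value quoted in the post.
    min_bits="${1:-768}"
    awk -v min="$min_bits" '
        # Ignore blank lines and anything that does not start with a bit count,
        # such as an error line printed for a file that is not a public key.
        $1 !~ /^[0-9]+$/ { next }
        {
            checked++
            if ($1 + 0 < min + 0) {
                short++
                printf "TOO SHORT: %d bits (minimum %d): %s\n", $1, min, $0
                printf "  this host needs a new host key of at least %d bits\n", min
            }
        }
        END {
            printf "%d key(s) checked, %d below %d bits\n", checked + 0, short + 0, min
            # Non-zero exit status lets a cron job or CI step fail on a short key.
            exit (short > 0 ? 1 : 0)
        }
    '
}

# Constructed sample input (fingerprints and file names are made up).
SAMPLE='512 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff example_host_key.pub
1024 ff:ee:dd:cc:bb:aa:99:88:77:66:55:44:33:22:11:00 example_host_rsa_key.pub'

printf '%s\n' "$SAMPLE" | check_key_bits 768 || echo "at least one key needs replacing"
```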



More information about the openssh-unix-dev mailing list