Possibility to use shorter RSA keys when absolutely necessary

Antti Louko alo at louko.com
Fri Jun 12 22:11:24 AEST 2020


I have struggled with older network gear, where either it is not possible
because of the lack of new FW or lack of permit to upgrade. If you think that
having this option needs more safeguards, please give ideas on what kind of
extra checks or options or anything.

So I added the option RSAMinimumModulusSize which can lower the now hardcoded
SSH_RSA_MINIMUM_MODULUS_SIZE.  I also implemented a hard limit to prevent
ridiculously show keys.

I think it is better ti use up to date OpenSSH instead of your own specially
compiled binary or telnet.

I made a bug report here: https://bugzilla.mindrot.org/show_bug.cgi?id=3174 and
a pull request here: https://github.com/openssh/openssh-portable/pull/188 .

Please comment!


    Antti Louko

More information about the openssh-unix-dev mailing list