RSA key configuration limitations
Nico Kadel-Garcia
nkadel at gmail.com
Sat Jun 11 10:52:09 AEST 2022
On Fri, Jun 10, 2022 at 10:50 AM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote:
>
> Dear colleagues,
>
> There is a need to increase RSA key requirements to make the installations
> more secure. Just updating the default compiled-in value isn't an option
> because it may significantly break legacy systems compatibility. This PR
> [1] introduces a new configuration option MinRSABits to be managed for
> security's sake.
Document it, in plain language, and make it clear how to revert the
change for specific targets. I went *nuts* recently because the CIS
published release of RHEL 8 does not permit the older protocol
specifically labeled "ssh-rsa" for public authentication, and it
breaks SSH key based access to the Azure DevOps git server.
> If this approach is OK for upstream, please let me know and I will improve
> this PR according to the feedback.
>
> [1] https://github.com/openssh/openssh-portable/pull/325
>
> --
> Dmitry Belyavskiy
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list