Settable minimum RSA key sizes on the client end for legacy devices.

Steve Sether steve at
Thu Dec 26 14:02:36 AEDT 2019

Recently I tried to turn on SSH on my 12 year old APC-UPS.  I soon 
discovered that I couldn't connect to it because my newer version of 
openssh doesn't support RSA key sizes below 1024 bits.

I'd rather not dredge up a big fight, but I _would_ like to express a 
desire for some form of overriding the minimum key size.  Basically I've 
had to turn on telnet access again, lowering security.  The HTTPS 
protocol options on the device are old enough that no modern browser 
will connect to it either.  So essentially I'm left at going back to the 
mid 90s and use telnet, or HTTP to connect to this device.

To me, not providing a way to over-ride the minimum key size is just a 
bit heavy-handed.  The vendor doesn't support this device anymore, and 
it's failed all attempts at replacing the 768 bit key with a 1024 bit 
one.  The firmware is upgraded to the last release in 2010. I understand 
that a 768 bit RSA key was factored 10 years ago, though with a very 
large computing effort, so it's vulnerable to a pretty expensive attack.

I note that other legacy, potentially insecure options are supported via 
configuration changes. Why isn't the 
same true for a minimum key size?  This device isn't exactly ancient at 
around 12 years old and a 10 year old firmware.  I'd imagine there's 
other hardware that has limited support for ssh key sizes that the 
current openssh won't connect to anymore.

More information about the openssh-unix-dev mailing list