Settable minimum RSA key sizes on the client end for legacy devices.
steve at sether.org
Thu Dec 26 14:02:36 AEDT 2019
Recently I tried to turn on SSH on my 12 year old APC-UPS. I soon
discovered that I couldn't connect to it because my newer version of
openssh doesn't support RSA key sizes below 1024 bits.
I'd rather not dredge up a big fight, but I _would_ like to express a
desire for some form of overriding the minimum key size. Basically I've
had to turn on telnet access again, lowering security. The HTTPS
protocol options on the device are old enough that no modern browser
will connect to it either. So essentially I'm left at going back to the
mid 90s and use telnet, or HTTP to connect to this device.
To me, not providing a way to over-ride the minimum key size is just a
bit heavy-handed. The vendor doesn't support this device anymore, and
it's failed all attempts at replacing the 768 bit key with a 1024 bit
one. The firmware is upgraded to the last release in 2010. I understand
that a 768 bit RSA key was factored 10 years ago, though with a very
large computing effort, so it's vulnerable to a pretty expensive attack.
I note that other legacy, potentially insecure options are supported via
configuration changes. https://www.openssh.com/legacy.html Why isn't the
same true for a minimum key size? This device isn't exactly ancient at
around 12 years old and a 10 year old firmware. I'd imagine there's
other hardware that has limited support for ssh key sizes that the
current openssh won't connect to anymore.
More information about the openssh-unix-dev