| Summary: | Ability to specify minimum RSA key size for user keys | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Aaron Jones <me> |
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | | |
| Severity: | enhancement | CC: | p.bodnar, samuelhoffman2, stefan.ss |
| Priority: | P5 | | |
| Version: | -current | | |
| Hardware: | All | | |
| OS: | All | | |

Description
Aaron Jones
2017-01-21 18:10:58 AEDT
+1

need this option also to allow again previous RSA minimum size default 768.

I know 768 is too small for security, _but_ old puttygen version creates in ~50% RSA keys with 1023 bits, when using with the default of requested size 1024.

SSH_RSA_MINIMUM_MODULUS_SIZE was increased to 1024, so public key login no longer works with old public keys.

so enforced to stay on old openssh server version (7.4). Cannot distribute new keys for these accounts.

(In reply to stefan.ss from comment #2)
> need this option also to allow again previous RSA minimum size
> default 768.
>
> I know 768 is too small for security,
> _but_ old puttygen version creates in ~50% RSA keys with 1023 bits,
> when using with the default of requested size 1024.
>
> SSH_RSA_MINIMUM_MODULUS_SIZE was increased to 1024, so public key
> login no longer works with old public keys.
>
> so enforced to stay on old openssh server version (7.4).
> Cannot distribute new keys for these accounts.

100% agreed and voting for this issue resolution.

It is also questionable and maybe for a separate bug (?) why the hard-coded limit was not set to 1023 when it is known that PuTTYgen randomly generates(-ed) shorter keys when 1024 is (was) requested. See this quote regarding 1023 key size from its old, but most probably still valid [documentation](https://the.earth.li/~sgtatham/putty/0.61/htmldoc/Chapter8.html):

> This is perfectly normal, and you do not need to worry. The lengths should only ever differ by one, and there is no perceptible drop in security as a result.
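The off-by-one described in this thread can be found ahead of a server upgrade by measuring the modulus of every `ssh-rsa` entry in `authorized_keys`. The following is an added example, not code from OpenSSH or from any commenter: the function names are hypothetical, the 1024-bit threshold is the `SSH_RSA_MINIMUM_MODULUS_SIZE` value quoted above, and the sample lines are constructed (their moduli are fixed-size numbers, not usable keys).

```python
import base64
import struct

MIN_BITS = 1024  # SSH_RSA_MINIMUM_MODULUS_SIZE as quoted in the thread

def _read_field(buf, off):
    """Read one length-prefixed SSH string/mpint; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (size,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_modulus_bits(line):
    """Modulus size in bits of an ssh-rsa authorized_keys line, else None."""
    fields = line.split()
    if not fields or fields[0].startswith("#") or "ssh-rsa" not in fields[:-1]:
        return None  # blank line, comment, or a different key type
    # Any options field precedes the key type, so locate the type token first.
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    ktype, off = _read_field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key blob type does not match ssh-rsa")
    _exponent, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, min_bits=MIN_BITS):
    """Return (line number, bits) for every RSA key shorter than min_bits."""
    sizes = ((no, rsa_modulus_bits(line)) for no, line in enumerate(lines, 1))
    return [(no, bits) for no, bits in sizes if bits is not None and bits < min_bits]

def _mpint(x):
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # room for a clear sign bit
    return struct.pack(">I", len(raw)) + raw

def _sample_line(bits, comment):
    n = (1 << (bits - 1)) | 1  # constructed number of exactly `bits` bits
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

# Constructed authorized_keys content: a 1024-bit, a 1023-bit and a 768-bit entry.
SAMPLE = [_sample_line(1024, "alice@new"), "# legacy accounts",
          _sample_line(1023, "bob@old-puttygen"),
          'from="192.0.2.10" ' + _sample_line(768, "carol@legacy")]

if __name__ == "__main__":
    for lineno, bits in audit(SAMPLE):
        print(f"line {lineno}: {bits}-bit RSA key is below the {MIN_BITS}-bit minimum")
```

Options containing a whitespace-separated `ssh-rsa` token inside a quoted value would confuse the simple field split used here.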