Bug 3174

Summary: Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.
Product: Portable OpenSSH
Reporter: Antti Louko <sinihappo>
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
CC: sinihappo
Priority: P5
Version: 8.3p1
Hardware: Other
OS: All
Attachments: Patch to implement the option (flags: none)

Description Antti Louko 2020-05-31 06:22:31 AEST
Created attachment 3404
Patch to implement the option

I have struggled with older network gear, where either it is not possible because of the lack of new FW or lack of permit to upgrade. If you think that having this option needs more safeguards, please give ideas on what kind of extra checks or options or anything.

So I implemented the option to lower the (now) hard limit of SSH_RSA_MINIMUM_MODULUS_SIZE. There is still a real hard limit defined in the source code.

My rationale for this option is that it is better to be able to use the same OpenSSH program to connect to older gear as well instead of having to compile a separate binary now and then to be able to connect.  This way, one automatically uses the latest OpenSSH instead of some old version.

I made a pull request of this here: https://github.com/openssh/openssh-portable/pull/188

I am sorry if this bothers someone but as I implemented this, I also thought it is better to offer it here, too.

And again, if anyone has better ideas to solve my (and there are others, I googled!) problem, please discuss this!
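To see which hosts the limit discussed in this report would affect, the following added example (not part of the attached patch or of OpenSSH) reads `known_hosts`-style lines and reports RSA host keys whose modulus is below a threshold. The default of 1024 bits for the compiled-in minimum, the function names and the sample host names are assumptions; the sample keys are constructed stand-ins, not real keys.

```python
import base64

# Assumption: 1024 matches SSH_RSA_MINIMUM_MODULUS_SIZE in your OpenSSH build; adjust if not.
MIN_BITS = 1024

def _read_string(buf, off):
    """Read one length-prefixed field of the key blob; return (bytes, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_modulus_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob, or None for other key types."""
    blob = base64.b64decode(b64_blob, validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return None
    _e, off = _read_string(blob, off)      # public exponent, not needed here
    n, off = _read_string(blob, off)       # modulus as a big-endian mpint
    return int.from_bytes(n, "big").bit_length()

def weak_rsa_hosts(known_hosts_text, min_bits=MIN_BITS):
    """Return [(host, bits)] for RSA host keys shorter than min_bits."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        fields = fields[1:] if fields and fields[0].startswith("@") else fields  # drop marker
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        try:
            bits = rsa_modulus_bits(fields[2])
        except ValueError:                 # bad base64 or truncated blob: skip the line
            continue
        if bits is not None and bits < min_bits:
            found.append((fields[0], bits))
    return found

def _mpint(x):
    raw = x.to_bytes(x.bit_length() // 8 + 1, "big")  # leading zero byte keeps it positive
    return len(raw).to_bytes(4, "big") + raw

def make_line(host, bits):
    n = (1 << (bits - 1)) | 1              # constructed number with exactly `bits` bits
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

SAMPLE = "\n".join([make_line("old-switch.example", 768), make_line("core-router.example", 2048)])
print(weak_rsa_hosts(SAMPLE))
```

Pass the contents of a real `known_hosts` file to `weak_rsa_hosts` to list the devices that would need either a new host key or a lowered limit.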