1175 – ssh-keygen is generating 2048 bit keys by default

Bug 1175 - ssh-keygen is generating 2048 bit keys by default

Summary: ssh-keygen is generating 2048 bit keys by default

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh-keygen (show other bugs)
Version:	4.2p1
Hardware:	SPARC Solaris

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2006-03-23 05:07 AEDT by Russell Conner
Modified:	2006-10-07 11:44 AEST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Russell Conner 2006-03-23 05:07:29 AEDT

ssh-keygen's appears to be generating 2048bit dsa keys, contrary to the documentation which says dsa keys must be 1024. Can be overridden with -b 1024 to generate a valid key.

Comment 1 Darren Tucker 2006-03-23 07:24:18 AEDT

I think this is already fixed in 4.3, can you reproduce it with that version?

$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.7f 22 Mar 2005
$ ssh-keygen -t dsa -f tmpkey -N ''
Generating public/private dsa key pair.
[...]
$ openssl dsa -in tmpkey -text -noout |head -2
read DSA key
Private-Key: (1024 bit)

Comment 2 Russell Conner 2006-03-23 17:51:46 AEDT

I do not have that version installed, I will do so and test on a sandbox in the morning.

Comment 3 Russell Conner 2006-03-24 04:13:38 AEDT

Confirmed no issue in latest releases. Thank you, I searched for a bug fix and did not find one.

Comment 4 Darren Tucker 2006-03-24 07:34:26 AEDT

No problem, closing bug.

Comment 5 Darren Tucker 2006-10-07 11:44:57 AEST

Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.