Bug 3174 - Enable OpenSSH to connect older gear having limitations on host RSA key length, implemented, see the pull request.
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Miscellaneous
Version: 8.3p1
Hardware: Other All
Importance: P5 enhancement
Assignee: Assigned to nobody
 
Reported: 2020-05-31 06:22 AEST by Antti Louko
Modified: 2020-05-31 06:31 AEST

Attachments
Patch to implement the option (4.61 KB, patch)
2020-05-31 06:22 AEST, Antti Louko

Description Antti Louko 2020-05-31 06:22:31 AEST
Created attachment 3404
Patch to implement the option

I have struggled with older network gear, where upgrading is not possible, either because of the lack of new FW or the lack of a permit to upgrade. If you think that having this option needs more safeguards, please give ideas on what kind of extra checks or options or anything.

So I implemented the option to lower the (now) hard limit of SSH_RSA_MINIMUM_MODULUS_SIZE. There is still a real hard limit defined in the source code.

My rationale for this option is that it is better to be able to use the same OpenSSH program to connect to older gear as well instead of having to compile a separate binary now and then to be able to connect.  This way, one automatically uses the latest OpenSSH instead of some old version.

I made a pull request of this here: https://github.com/openssh/openssh-portable/pull/188

I am sorry if this bothers someone but as I implemented this, I also thought it is better to offer it here, too.

And again, if anyone has better ideas to solve my (and there are others, I googled!) problem, please discuss this!