SSH_RSA_MINIMUM_MODULUS_SIZE - openssh

This is a discussion on SSH_RSA_MINIMUM_MODULUS_SIZE - openssh ; Hi, is there any chance to make SSH_RSA_MINIMUM_MODULUS_SIZE configurable? I keep receiving these messages: ssh_rsa_verify: RSA modulus too small: 512 key_verify failed for server_host_key And it's quite a hassle to recompile each time I need to use it (there are ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: SSH_RSA_MINIMUM_MODULUS_SIZE

  1. SSH_RSA_MINIMUM_MODULUS_SIZE


    Hi,

    is there any chance to make SSH_RSA_MINIMUM_MODULUS_SIZE configurable?
    I keep receiving these messages:

    ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits
    key_verify failed for server_host_key

    And it's quite a hassle to recompile each time I need to use it (there
    are still devices where you can't fix it easily).

    Thanks
    Michal
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE

    On Wed, 27 Aug 2008, Michal Svec wrote:

    >
    > Hello,
    >
    > trying again, with a patch now (only for the client).
    >
    > Currently it's not possible to change this without recompiling so any way to
    > prevent that would do and command line seems to be the easiest.
    >
    > Would something like this be acceptable?


    No, we don't want a proliferation of config options.

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  3. Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE


    On Thu, 28 Aug 2008, Damien Miller wrote:

    >> trying again, with a patch now (only for the client).
    >>
    >> Currently it's not possible to change this without recompiling so any way to
    >> prevent that would do and command line seems to be the easiest.
    >>
    >> Would something like this be acceptable?

    >
    > No, we don't want a proliferation of config options.


    Hmm, other ways how to do this are an option in the config file or
    environment variable. Would either of those would be better?

    I don't see any other way, currently one has to patch&recompile openssh
    each time he wants to update to a new version, that's far from optimal.

    Michal
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  4. Re: [PATCH] Re: SSH_RSA_MINIMUM_MODULUS_SIZE

    On Thu, 28 Aug 2008, Michal Svec wrote:

    > Hmm, other ways how to do this are an option in the config file or
    > environment variable. Would either of those would be better?
    >
    > I don't see any other way, currently one has to patch&recompile openssh
    > each time he wants to update to a new version, that's far from optimal.


    Your needs are special - the vast majority of OpenSSH users will never
    need to change this setting. Therefore a compile-time option is
    appropriate.

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


+ Reply to Thread