Re: Settable minimum RSA key sizes on the client end for legacy devices.

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Yes, I considered re-compiling, but it just seemed like an enormous pain to have to go through the source and figure out where the key size limit was.  It also occurred to me that I'm likely not the only one with this problem, but many just didn't understand what the underlying problem was, and more wouldn't know where to go to talk about addressing it.  95% of the administrators of the world are just going to enable telnet, and be done with it.  You have to remember that one person reporting a bug or requested feature represents many, many more that never caught it, or didn't know how to report it, or (as above) found another workaround.

I also tried looking for other clients that might support lower sized keys.  putty seems to blow up because of the buggy ssh implementation of the server that openSSH kindly deals with. There's some other implementations that I didn't want to pay for just to see if they worked.

On 12/26/19 8:08 AM, Philipp Marek wrote:

I'd rather not dredge up a big fight, but I _would_ like to express a
desire for some form of overriding the minimum key size.

This can be done by recompiling if necessary. This restriction has been
a pain for me at times but honestly I think it's for the best that it's
been done.

I may be alone with that opinion, but for such things I've always hoped
for a global _variable_ whose location is available as a dynamic symbol
in the ELF - so instead of getting all the sources (and all their
dependencies, resp. the headers etc.) and reconfiguring (with all
required research to get the right options) and recompiling, a 1-minute
session with a hex editor to patch the 2 bytes would be enough...


Yeah, some distributions make recompilation much easier (Debian has
"apt-get source") - but still it's much more work than switching a few
bytes.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux