Re: RSA key configuration limitations

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Fri, Jun 10, 2022 at 10:50 AM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote:
> Dear colleagues,
> There is a need to increase RSA key requirements to make the installations
> more secure. Just updating the default compiled-in value isn't an option
> because it may significantly break legacy systems compatibility. This PR
> [1] introduces a new configuration option MinRSABits to be managed for
> security's sake.

Document it, in plain language, and make it clear how to revert the
change for specific targets. I went *nuts* recently because the CIS
published release of RHEL 8 does not permit the older protocol
specifically labeled "ssh-rsa"  for public authentication, and it
breaks SSH key based access to the Azure DevOps git server.

> If this approach is OK for upstream, please let me know and I will improve
> this PR according to the feedback.
> [1]
> --
> Dmitry Belyavskiy
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux