On Fri, Jun 10, 2022 at 10:50 AM Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> wrote: > > Dear colleagues, > > There is a need to increase RSA key requirements to make the installations > more secure. Just updating the default compiled-in value isn't an option > because it may significantly break legacy systems compatibility. This PR > [1] introduces a new configuration option MinRSABits to be managed for > security's sake. Document it, in plain language, and make it clear how to revert the change for specific targets. I went *nuts* recently because the CIS published release of RHEL 8 does not permit the older protocol specifically labeled "ssh-rsa" for public authentication, and it breaks SSH key based access to the Azure DevOps git server. > If this approach is OK for upstream, please let me know and I will improve > this PR according to the feedback. > > [1] https://github.com/openssh/openssh-portable/pull/325 > > -- > Dmitry Belyavskiy > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
