https://bugzilla.mindrot.org/show_bug.cgi?id=3174
Bug ID: 3174
Summary: Enable OpenSSH to connect older gear having
limitations on host RSA key length, implemented, see
the pull request.
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs@mindrot.org
Reporter: sinihappo@alo.fi
Created attachment 3404
--> https://bugzilla.mindrot.org/attachment.cgi?id=3404&action=edit
Patch to implement the option
I have struggled with older network gear, where either it is not
possible because of the lack of new FW or lack of permit to upgrade. If
you think that having this option needs more safeguards, please give
ideas on what kind of extra checks or options or anything.
So I implemented the option to lower the (now) hard limit of
SSH_RSA_MINIMUM_MODULUS_SIZE. There is still real hard limit defined
in the source code.
My rationale for this option is that it is better to be able to use the
same OpenSSH program to connect to older gear as well instead of having
to compile a separate binary now and then to be able to connect. This
way, one automatically uses the latest OpenSSH instead of some old
version.
I made a pull request of this here:
https://github.com/openssh/openssh-portable/pull/188
I am sorry if this bothers someone but as I implemented this, I also
thought it is better to offer it here, too.
And again, if anyone has better ideas to solve my (and there are
others, I googled!) problem, please discuss this!
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3174
Summary: Enable OpenSSH to connect older gear having
limitations on host RSA key length, implemented, see
the pull request.
Product: Portable OpenSSH
Version: 8.3p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs@mindrot.org
Reporter: sinihappo@alo.fi
Created attachment 3404
--> https://bugzilla.mindrot.org/attachment.cgi?id=3404&action=edit
Patch to implement the option
I have struggled with older network gear, where either it is not
possible because of the lack of new FW or lack of permit to upgrade. If
you think that having this option needs more safeguards, please give
ideas on what kind of extra checks or options or anything.
So I implemented the option to lower the (now) hard limit of
SSH_RSA_MINIMUM_MODULUS_SIZE. There is still real hard limit defined
in the source code.
My rationale for this option is that it is better to be able to use the
same OpenSSH program to connect to older gear as well instead of having
to compile a separate binary now and then to be able to connect. This
way, one automatically uses the latest OpenSSH instead of some old
version.
I made a pull request of this here:
https://github.com/openssh/openssh-portable/pull/188
I am sorry if this bothers someone but as I implemented this, I also
thought it is better to offer it here, too.
And again, if anyone has better ideas to solve my (and there are
others, I googled!) problem, please discuss this!
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs