summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:08:25 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 14:08:25 +0000
commit951b0c3e23c010b230459dbf79b6382c1883b9e0 (patch)
tree56053f97348d1a8abd399e91b9b27c2f16ed5585 /debian
parentSetting default key type in ssh-keygen to ED25519. (diff)
downloadopenssh-951b0c3e23c010b230459dbf79b6382c1883b9e0.tar.xz
openssh-951b0c3e23c010b230459dbf79b6382c1883b9e0.zip
Setting default RSA size in ssh-keygen to 4096.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r--debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch27
-rw-r--r--debian/patches/series1
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch b/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch
new file mode 100644
index 0000000..d162e74
--- /dev/null
+++ b/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch
@@ -0,0 +1,27 @@
+Author: Daniel Baumann <daniel.baumann@progress-linux.org>
+Description: Setting default RSA size in ssh-keygen to 4096.
+
+diff -Naurp openssh.orig/ssh-keygen.1 openssh/ssh-keygen.1
+--- openssh.orig/ssh-keygen.1
++++ openssh/ssh-keygen.1
+@@ -269,7 +269,7 @@ resistance to brute-force password crack
+ Show the bubblebabble digest of specified private or public key file.
+ .It Fl b Ar bits
+ Specifies the number of bits in the key to create.
+-For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.
++For RSA keys, the minimum size is 1024 bits and the default is 4096 bits.
+ Generally, 3072 bits is considered sufficient.
+ DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
+ For ECDSA keys, the
+diff -Naurp openssh.orig/ssh-keygen.c openssh/ssh-keygen.c
+--- openssh.orig/ssh-keygen.c
++++ openssh/ssh-keygen.c
+@@ -79,7 +79,7 @@
+ * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
+ * SHA1 we limit the DSA key size 1k bits.
+ */
+-#define DEFAULT_BITS 3072
++#define DEFAULT_BITS 4096
+ #define DEFAULT_BITS_DSA 1024
+ #define DEFAULT_BITS_ECDSA 256
+
diff --git a/debian/patches/series b/debian/patches/series
index fb6eec5..7386086 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -34,3 +34,4 @@ CVE-2023-48795.patch
CVE-2023-51384.patch
CVE-2023-51385.patch
progress-linux/0001-ssh-keygen-default-key-type.patch
+progress-linux/0002-ssh-keygen-default-rsa-size.patch