diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:08:25 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 14:08:25 +0000 |
commit | 951b0c3e23c010b230459dbf79b6382c1883b9e0 (patch) | |
tree | 56053f97348d1a8abd399e91b9b27c2f16ed5585 /debian | |
parent | Setting default key type in ssh-keygen to ED25519. (diff) | |
download | openssh-951b0c3e23c010b230459dbf79b6382c1883b9e0.tar.xz openssh-951b0c3e23c010b230459dbf79b6382c1883b9e0.zip |
Setting default RSA size in ssh-keygen to 4096.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch | 27 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch b/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch new file mode 100644 index 0000000..d162e74 --- /dev/null +++ b/debian/patches/progress-linux/0002-ssh-keygen-default-rsa-size.patch @@ -0,0 +1,27 @@ +Author: Daniel Baumann <daniel.baumann@progress-linux.org> +Description: Setting default RSA size in ssh-keygen to 4096. + +diff -Naurp openssh.orig/ssh-keygen.1 openssh/ssh-keygen.1 +--- openssh.orig/ssh-keygen.1 ++++ openssh/ssh-keygen.1 +@@ -269,7 +269,7 @@ resistance to brute-force password crack + Show the bubblebabble digest of specified private or public key file. + .It Fl b Ar bits + Specifies the number of bits in the key to create. +-For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. ++For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. + Generally, 3072 bits is considered sufficient. + DSA keys must be exactly 1024 bits as specified by FIPS 186-2. + For ECDSA keys, the +diff -Naurp openssh.orig/ssh-keygen.c openssh/ssh-keygen.c +--- openssh.orig/ssh-keygen.c ++++ openssh/ssh-keygen.c +@@ -79,7 +79,7 @@ + * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only + * SHA1 we limit the DSA key size 1k bits. + */ +-#define DEFAULT_BITS 3072 ++#define DEFAULT_BITS 4096 + #define DEFAULT_BITS_DSA 1024 + #define DEFAULT_BITS_ECDSA 256 + diff --git a/debian/patches/series b/debian/patches/series index fb6eec5..7386086 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -34,3 +34,4 @@ CVE-2023-48795.patch CVE-2023-51384.patch CVE-2023-51385.patch progress-linux/0001-ssh-keygen-default-key-type.patch +progress-linux/0002-ssh-keygen-default-rsa-size.patch |