diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:52:30 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 19:52:30 +0000 |
commit | 7e740664a250ce36838bf405ab39fd3b3fa2d7fb (patch) | |
tree | 580ba159bbe9730727c4ca9e81fd159876ad5d21 /debian | |
parent | Disabling pam_motd.so. (diff) | |
download | openssh-7e740664a250ce36838bf405ab39fd3b3fa2d7fb.tar.xz openssh-7e740664a250ce36838bf405ab39fd3b3fa2d7fb.zip |
Setting default RSA size in ssh-keygen to 4096.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
-rw-r--r-- | debian/patches/progress-linux/0001-ssh-keygen-default-rsa-size.patch | 27 | ||||
-rw-r--r-- | debian/patches/series | 1 |
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/patches/progress-linux/0001-ssh-keygen-default-rsa-size.patch b/debian/patches/progress-linux/0001-ssh-keygen-default-rsa-size.patch new file mode 100644 index 0000000..d162e74 --- /dev/null +++ b/debian/patches/progress-linux/0001-ssh-keygen-default-rsa-size.patch @@ -0,0 +1,27 @@ +Author: Daniel Baumann <daniel.baumann@progress-linux.org> +Description: Setting default RSA size in ssh-keygen to 4096. + +diff -Naurp openssh.orig/ssh-keygen.1 openssh/ssh-keygen.1 +--- openssh.orig/ssh-keygen.1 ++++ openssh/ssh-keygen.1 +@@ -269,7 +269,7 @@ resistance to brute-force password crack + Show the bubblebabble digest of specified private or public key file. + .It Fl b Ar bits + Specifies the number of bits in the key to create. +-For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. ++For RSA keys, the minimum size is 1024 bits and the default is 4096 bits. + Generally, 3072 bits is considered sufficient. + DSA keys must be exactly 1024 bits as specified by FIPS 186-2. + For ECDSA keys, the +diff -Naurp openssh.orig/ssh-keygen.c openssh/ssh-keygen.c +--- openssh.orig/ssh-keygen.c ++++ openssh/ssh-keygen.c +@@ -79,7 +79,7 @@ + * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only + * SHA1 we limit the DSA key size 1k bits. + */ +-#define DEFAULT_BITS 3072 ++#define DEFAULT_BITS 4096 + #define DEFAULT_BITS_DSA 1024 + #define DEFAULT_BITS_ECDSA 256 + diff --git a/debian/patches/series b/debian/patches/series index 2170a6a..a400792 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -26,3 +26,4 @@ maxhostnamelen.patch conch-ssh-rsa.patch systemd-socket-activation.patch broken-zero-call-used-regs.patch +progress-linux/0001-ssh-keygen-default-rsa-size.patch |