diff --git a/openssh-8.7p1-minrsabits.patch b/openssh-8.7p1-minrsabits.patch
index 57019b6..107fe70 100644
--- a/openssh-8.7p1-minrsabits.patch
+++ b/openssh-8.7p1-minrsabits.patch
@@ -262,6 +262,19 @@ index 67f8e0309..d050c1656 100644
  	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
  	    xxx_conn_info) == -1)
  		fatal("Host key verification failed.");
+@@ -1762,6 +1762,12 @@ load_identity_file(Identity *id)
+ 			private = NULL;
+ 			quit = 1;
+ 		}
++		if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0) {
++			debug_fr(r, "Skipping key %s", id->filename);
++			sshkey_free(private);
++			private = NULL;
++			quit = 1;
++		}
+ 		if (!quit && private != NULL && id->agent_fd == -1 &&
+ 		    !(id->key && id->isprivate))
+ 			maybe_add_key_to_agent(id->filename, private, comment,
 @@ -1747,6 +1751,12 @@ pubkey_prepare(struct ssh *ssh, Authctxt *authctxt)
 		close(agent_fd);
 	} else {
diff --git a/openssh.spec b/openssh.spec
index e21cf8f..4ce3542 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -737,6 +737,8 @@ test -f %{sysconfig_anaconda} && \
 * Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22
 - Avoid spirous message on connecting to the machine with ssh-rsa keys
   Related: rhbz#2115246
+- Set minimal value of RSA key length via configuration option
+  Related: rhbz#2066882
 
 * Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21
 - IBMCA workaround