From d925600c40b93b68c757a9b368f6afc39cbbe80f Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Tue, 16 Aug 2022 19:33:50 +0200
Subject: [PATCH] Set minimal value of RSA key length via configuration option

Related: rhbz#2066882
---
 openssh-8.7p1-minrsabits.patch | 13 +++++++++++++
 openssh.spec | 2 ++
 2 files changed, 15 insertions(+)

diff --git a/openssh-8.7p1-minrsabits.patch b/openssh-8.7p1-minrsabits.patch
index 57019b6..107fe70 100644
--- a/openssh-8.7p1-minrsabits.patch
+++ b/openssh-8.7p1-minrsabits.patch
@@ -262,6 +262,19 @@ index 67f8e0309..d050c1656 100644
 if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
 xxx_conn_info) == -1)
 fatal("Host key verification failed.");
+@@ -1762,6 +1762,12 @@ load_identity_file(Identity *id)
+ private = NULL;
+ quit = 1;
+ }
++ if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0) {
++ debug_fr(r, "Skipping key %s", id->filename);
++ sshkey_free(private);
++ private = NULL;
++ quit = 1;
++ }
+ if (!quit && private != NULL && id->agent_fd == -1 &&
+ !(id->key && id->isprivate))
+ maybe_add_key_to_agent(id->filename, private, comment,
 @@ -1747,6 +1751,12 @@ pubkey_prepare(struct ssh *ssh, Authctxt *authctxt)
 close(agent_fd);
 } else {
diff --git a/openssh.spec b/openssh.spec
index e21cf8f..4ce3542 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -737,6 +737,8 @@ test -f %{sysconfig_anaconda} && \
 * Tue Aug 16 2022 Dmitry Belyavskiy - 8.7p1-22
 - Avoid spirous message on connecting to the machine with ssh-rsa keys
 Related: rhbz#2115246
+- Set minimal value of RSA key length via configuration option
+ Related: rhbz#2066882
 
 * Thu Aug 04 2022 Dmitry Belyavskiy - 8.7p1-21
 - IBMCA workaround
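Review bot: In the lines added to `load_identity_file`, `if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0)` stores the result of the comparison in `r`, because `!=` binds tighter than `=`. A short key is still skipped, but `r` ends up 0 or 1 instead of the error code, so `debug_fr(r, ...)` reports the wrong reason; parenthesize the assignment: `if ((r = sshkey_check_rsa_length(private, options.rsa_min_size)) != 0) {`. The check also runs after the preceding branch has set `private = NULL` and `quit = 1`, so it depends on `sshkey_check_rsa_length` tolerating a NULL key, which is not visible here; a condition starting `!quit && private != NULL &&` would make that explicit. The new inner hunk is numbered 1762 but sits before the existing hunk at 1747, so it is worth confirming the inner patch still applies without offset or fuzz. The body of `load_identity_file` continues outside the hunk.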