rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Set minimal value of RSA key length via configuration option

Browse Source 
Related: rhbz#2066882
This commit is contained in:
Dmitry Belyavskiy 2022-08-16 19:33:50 +02:00
parent a0db6b2b7f
commit d925600c40
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
openssh-8.7p1-minrsabits.patch
View File

@ -262,6 +262,19 @@ index 67f8e0309..d050c1656 100644
if (verify_host_key(xxx_host, xxx_hostaddr, hostkey, if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
xxx_conn_info) == -1) xxx_conn_info) == -1)
fatal("Host key verification failed."); fatal("Host key verification failed.");
@@ -1762,6 +1762,12 @@ load_identity_file(Identity *id)
private = NULL;
quit = 1;
}
+ if (r = sshkey_check_rsa_length(private, options.rsa_min_size) != 0) {
+ debug_fr(r, "Skipping key %s", id->filename);
+ sshkey_free(private);
+ private = NULL;
+ quit = 1;
+ }
if (!quit && private != NULL && id->agent_fd == -1 &&
!(id->key && id->isprivate))
maybe_add_key_to_agent(id->filename, private, comment,
@@ -1747,6 +1751,12 @@ pubkey_prepare(struct ssh *ssh, Authctxt *authctxt) @@ -1747,6 +1751,12 @@ pubkey_prepare(struct ssh *ssh, Authctxt *authctxt)
close(agent_fd); close(agent_fd);
} else { } else {

2
openssh.spec
View File

@ -737,6 +737,8 @@ test -f %{sysconfig_anaconda} && \
* Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22 * Tue Aug 16 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-22
- Avoid spirous message on connecting to the machine with ssh-rsa keys - Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246 Related: rhbz#2115246
- Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
* Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21 * Thu Aug 04 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-21
- IBMCA workaround - IBMCA workaround