Add rc.conf variables to control host key length
J. Hellenthal
jhellenthal at dataix.net
Sun Jun 24 16:59:25 UTC 2012
On Sun, Jun 24, 2012 at 04:34:04PM +0000, Bjoern A. Zeeb wrote:
>
> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>
> > Here is a set of patches that add functionality to rc.conf allowing
> > users an easy way to control the length of the host keys used with ssh
> > (specifically RSA and ECDSA used with protocol version 2).
>
> Created for, not used with -- right?
>
> The used with is controlled in sshd_config and if the key is not there
> but it's enabled in sshd_config you'll get a warning on boot which is
> very annoying.
>
>
> > I would like to also discuss the merits of changing FreeBSD's default
> > behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
> >
> > I have refrained from changing FreeBSD's default behavior in these
> > patches and stuck to just adding configurability.
>
> Do we differ from what the OpenSSH defaults are?
>
Defaults being ...
2048 RSA
1024 DSA
256 ECDSA
These are more than sufficient for any normal ssh use.
--
- (2^(N-1))
More information about the freebsd-security
mailing list