Added RequiredRSASize option for ssh client. #1064

Merged 1 commit on Nov 8, 2023


Contributor

@inntran inntran commented Oct 28, 2023

This is actually a bug, because the "RequiredRSASize" exists in recent OpenSSH source.

The reasons I made this change are as follows:

  1. The RequiredRSASize option was added in openssh/openssh-portable@54b333d .
  2. RHEL 9.1 changed minimum RSA key size to 2048 by default, broke connections to old SSH servers. Reference: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/new-features#BZ-2066882
  3. Fedora Linux sync'd the change from RHEL 9.1. Reference: https://packages.fedoraproject.org/pkgs/openssh/openssh-server/fedora-37.html
  4. I was connecting to a legacy device over SSH and tried very hard to remember this option.

I have run the supplied test for ssh and got the following output:

====== 12 passed, 1 xfailed in 35.62s ======

1. The RequiredRSASize option was added in openssh/openssh-portable@54b333d .
2. RHEL 9.1 changed minimum RSA key size to 2048 by default, broke connections
   to old SSH servers.
3. Fedora Linux sync'ed the change from RHEL 9.1. See:
https://packages.fedoraproject.org/pkgs/openssh/openssh-server/fedora-37.html
Contributor Author

inntran commented Oct 29, 2023

To get the latest available OpenSSH client options:

curl --silent https://raw.githubusercontent.com/openssh/openssh-portable/master/ssh_config.5 | awk '$1==".It" && $2=="Cm" && $3!="Host" && $3 ~ /^[A-Z]/ {print $3}' | xargs | fold -s -w 72

I didn't include this because this might break users' expectations on old versions of the OpenSSH client.
Or we could include this instruction to help downstream distributions to patch their own.
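
An added example, not part of this pull request or of bash-completion: the awk filter from the comment above, used to report which keywords documented in a given copy of ssh_config.5 are absent from a completion word list. The function names, file layout and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; extract_options, missing_options, demo and the sample data
# are hypothetical names and constructed input, not bash-completion code.

# Print one keyword per line from ssh_config.5 mdoc source on stdin.
# Same filter as the pipeline above: ".It Cm <Keyword>" lines, skipping the
# "Host" block keyword and lowercase entries such as argument values.
extract_options() {
    awk '$1==".It" && $2=="Cm" && $3!="Host" && $3 ~ /^[A-Z]/ {print $3}' |
        LC_ALL=C sort -u
}

# missing_options MANPAGE_SOURCE KNOWN_LIST
# Print keywords documented in MANPAGE_SOURCE that KNOWN_LIST (one keyword
# per line) does not contain.
missing_options() {
    tmp=$(mktemp) || return 1
    extract_options <"$1" >"$tmp"
    LC_ALL=C sort -u "$2" | LC_ALL=C comm -23 "$tmp" -
    rm -f "$tmp"
}

# Run the check on a constructed mdoc fragment and a constructed word list.
demo() {
    dir=$(mktemp -d) || return 1
    cat >"$dir/ssh_config.5" <<'EOF'
.It Cm Host
Constructed sample text, not the real manual page.
.It Cm PubkeyAuthentication
.It Cm yes
.It Cm no
.It Cm RequiredRSASize
.It Cm StrictHostKeyChecking
EOF
    printf '%s\n' PubkeyAuthentication StrictHostKeyChecking >"$dir/known"
    missing_options "$dir/ssh_config.5" "$dir/known"
    rm -rf "$dir"
}

demo
```

Running it against the manual page source that matches the OpenSSH version a distribution ships, rather than master, keeps the word list from offering keywords that client does not accept.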

Owner

@scop scop left a comment

Thanks! Merging with commit message tweaked to our standards.

@scop scop merged commit de15205 into scop:master Nov 8, 2023
@github-actions github-actions bot mentioned this pull request Nov 8, 2023
@inntran inntran deleted the ssh-client-requiredrsasize branch November 15, 2023 19:02
@github-actions github-actions bot mentioned this pull request Feb 1, 2024