Date:      Sun, 24 Jun 2012 12:07:24 -0400
From:      Robert Simmons <rsimmons0@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Add rc.conf variables to control host key length
Message-ID:  <CA%2BQLa9CX26xEwRsz3g6FvBBbbFE0Gfw%2BUR6_RHYOXgZFcgCw5w@mail.gmail.com>

Here is a set of patches that add functionality to rc.conf allowing
users an easy way to control the length of the host keys used with ssh
(specifically RSA and ECDSA used with protocol version 2).

I would like to also discuss the merits of changing FreeBSD's default
behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.

I have refrained from changing FreeBSD's default behavior in these
patches and stuck to just adding configurability.

Please let me know if you see any problems with these patches.

[Attachments: rc.conf.5.diff, rc.conf.diff, sshd.diff]


