Date: Sun, 24 Jun 2012 16:34:04 +0000
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Robert Simmons <rsimmons0@gmail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Add rc.conf variables to control host key length
Message-ID: <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net>
In-Reply-To: <CA%2BQLa9CX26xEwRsz3g6FvBBbbFE0Gfw%2BUR6_RHYOXgZFcgCw5w@mail.gmail.com>

On 24. Jun 2012, at 16:07 , Robert Simmons wrote:

> Here is a set of patches that add functionality to rc.conf allowing
> users an easy way to control the length of the host keys used with ssh
> (specifically RSA and ECDSA used with protocol version 2).

Created for, not used with -- right? The used with is controlled in
sshd_config and if the key is not there but it's enabled in sshd_config
you'll get a warning on boot which is very annoying.

> I would like to also discuss the merits of changing FreeBSD's default
> behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
>
> I have refrained from changing FreeBSD's default behavior in these
> patches and stuck to just adding configurability.

Do we differ from what the OpenSSH defaults are?

/bz

--
Bjoern A. Zeeb
You have to have visions!
It does not matter how good you are. It matters what good you do!
