Date:      Sun, 24 Jun 2012 16:34:04 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Robert Simmons <rsimmons0@gmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Add rc.conf variables to control host key length
Message-ID:  <4828EFCC-E60A-4961-9228-4A1ADAD28F73@lists.zabbadoz.net>
In-Reply-To: <CA%2BQLa9CX26xEwRsz3g6FvBBbbFE0Gfw%2BUR6_RHYOXgZFcgCw5w@mail.gmail.com>
References:  <CA%2BQLa9CX26xEwRsz3g6FvBBbbFE0Gfw%2BUR6_RHYOXgZFcgCw5w@mail.gmail.com>


On 24. Jun 2012, at 16:07 , Robert Simmons wrote:

> Here is a set of patches that add functionality to rc.conf allowing
> users an easy way to control the length of the host keys used with ssh
> (specifically RSA and ECDSA used with protocol version 2).

Created for, not used with -- right?

The used with is controlled in sshd_config and if the key is not there
but it's enabled in sshd_config you'll get a warning on boot which is
very annoying.


> I would like to also discuss the merits of changing FreeBSD's default
> behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
> 
> I have refrained from changing FreeBSD's default behavior in these
> patches and stuck to just adding configurability.

Do we differ from what the OpenSSH defaults are?

/bz

-- 
Bjoern A. Zeeb                                 You have to have visions!
   It does not matter how good you are. It matters what good you do!



