- djm@cvs.openbsd.org 2008/07/02 02:24:18

[sshd_config sshd_config.5 sshd.8 servconf.c]
     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
     bits; prodded by & ok dtucker@ ok deraadt@
This commit is contained in:
Darren Tucker 2008-07-02 22:35:43 +10:00
parent f2e21dec68
commit 7499b0cca0
5 changed files with 15 additions and 11 deletions

View File

@ -24,6 +24,10 @@
- stevesk@cvs.openbsd.org 2008/07/01 23:12:47 - stevesk@cvs.openbsd.org 2008/07/01 23:12:47
[PROTOCOL.agent] [PROTOCOL.agent]
fix some typos; ok djm@ fix some typos; ok djm@
- djm@cvs.openbsd.org 2008/07/02 02:24:18
[sshd_config sshd_config.5 sshd.8 servconf.c]
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@
20080630 20080630
- (djm) OpenBSD CVS Sync - (djm) OpenBSD CVS Sync
@ -4507,4 +4511,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@ passwords between UnixWare and OpenServer they will still work. OK dtucker@
$Id: ChangeLog,v 1.5045 2008/07/02 12:35:00 dtucker Exp $ $Id: ChangeLog,v 1.5046 2008/07/02 12:35:43 dtucker Exp $

View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.184 2008/06/15 16:58:40 dtucker Exp $ */ /* $OpenBSD: servconf.c,v 1.185 2008/07/02 02:24:18 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -158,7 +158,7 @@ fill_default_server_options(ServerOptions *options)
if (options->pid_file == NULL) if (options->pid_file == NULL)
options->pid_file = _PATH_SSH_DAEMON_PID_FILE; options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1) if (options->server_key_bits == -1)
options->server_key_bits = 768; options->server_key_bits = 1024;
if (options->login_grace_time == -1) if (options->login_grace_time == -1)
options->login_grace_time = 120; options->login_grace_time = 120;
if (options->key_regeneration_time == -1) if (options->key_regeneration_time == -1)

6
sshd.8
View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd.8,v 1.245 2008/06/11 07:30:37 jmc Exp $ .\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
.Dd $Mdocdate: June 11 2008 $ .Dd $Mdocdate: July 2 2008 $
.Dt SSHD 8 .Dt SSHD 8
.Os .Os
.Sh NAME .Sh NAME
@ -100,7 +100,7 @@ Forces
to use IPv6 addresses only. to use IPv6 addresses only.
.It Fl b Ar bits .It Fl b Ar bits
Specifies the number of bits in the ephemeral protocol version 1 Specifies the number of bits in the ephemeral protocol version 1
server key (default 768). server key (default 1024).
.It Fl C Ar connection_spec .It Fl C Ar connection_spec
Specify the connection parameters to use for the Specify the connection parameters to use for the
.Fl T .Fl T

View File

@ -1,4 +1,4 @@
# $OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $ # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See # This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information. # sshd_config(5) for more information.
@ -28,7 +28,7 @@ Protocol 2
# Lifetime and size of ephemeral version 1 server key # Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h #KeyRegenerationInterval 1h
#ServerKeyBits 768 #ServerKeyBits 1024
# Logging # Logging
# obsoletes QuietMode and FascistLogging # obsoletes QuietMode and FascistLogging

View File

@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.95 2008/06/15 16:58:40 dtucker Exp $ .\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
.Dd $Mdocdate: June 15 2008 $ .Dd $Mdocdate: July 2 2008 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -811,7 +811,7 @@ The default is
This option applies to protocol version 1 only. This option applies to protocol version 1 only.
.It Cm ServerKeyBits .It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key. Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 768. The minimum value is 512, and the default is 1024.
.It Cm StrictModes .It Cm StrictModes
Specifies whether Specifies whether
.Xr sshd 8 .Xr sshd 8