- djm@cvs.openbsd.org 2008/07/02 02:24:18

     [sshd_config sshd_config.5 sshd.8 servconf.c]
     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
     bits; prodded by & ok dtucker@ ok deraadt@

diff --git a/ChangeLog b/ChangeLog
index f929a70201ea83524b64b67e2e59db9277729e3d..e2386dc953f9245cf0a414ac872e3eb3405eae0d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
    - stevesk@cvs.openbsd.org 2008/07/01 23:12:47
      [PROTOCOL.agent]
      fix some typos; ok djm@
+   - djm@cvs.openbsd.org 2008/07/02 02:24:18
+     [sshd_config sshd_config.5 sshd.8 servconf.c]
+     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
+     bits; prodded by & ok dtucker@ ok deraadt@
 
 20080630
  - (djm) OpenBSD CVS Sync

diff --git a/servconf.c b/servconf.c
index 67e7d7db32dfef0ad600800855eff48e2908e27f..9d9c9508ea18707e3805da90cf3e9c401e963fc5 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.184 2008/06/15 16:58:40 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.185 2008/07/02 02:24:18 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -158,7 +158,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->pid_file == NULL)
                options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
        if (options->server_key_bits == -1)
-               options->server_key_bits = 768;
+               options->server_key_bits = 1024;
        if (options->login_grace_time == -1)
                options->login_grace_time = 120;
        if (options->key_regeneration_time == -1)

diff --git a/sshd.8 b/sshd.8
index ffb62e8a18545e1a905e12981c30ea5c1dac53a8..0c8f4310a94c58db6f3e29a7e6ab2ed6ee0a6504 100644 (file)
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.245 2008/06/11 07:30:37 jmc Exp $
+.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
 .Dd $Mdocdate$
 .Dt SSHD 8
 .Os
@@ -100,7 +100,7 @@ Forces
 to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
-server key (default 768).
+server key (default 1024).
 .It Fl C Ar connection_spec
 Specify the connection parameters to use for the
 .Fl T

diff --git a/sshd_config b/sshd_config
index c5ee7c8a49e9d74ba258251aa5a3e1c715fd2021..1b53a0efb91fcd232f2be78c8cd95823cc5c766d 100644 (file)
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#      $OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $
+#      $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -28,7 +28,7 @@ Protocol 2
 
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
-#ServerKeyBits 768
+#ServerKeyBits 1024
 
 # Logging
 # obsoletes QuietMode and FascistLogging

diff --git a/sshd_config.5 b/sshd_config.5
index cb24ac1f967b6b3b511cba7862a33596fff6f410..6baf62a31349014583fa3508673ac70374989317 100644 (file)
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.95 2008/06/15 16:58:40 dtucker Exp $
+.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
 .Dd $Mdocdate$
 .Dt SSHD_CONFIG 5
 .Os
@@ -811,7 +811,7 @@ The default is
 This option applies to protocol version 1 only.
 .It Cm ServerKeyBits
 Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
+The minimum value is 512, and the default is 1024.
 .It Cm StrictModes
 Specifies whether
 .Xr sshd 8