[auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c]
introduce a generic %foo expansion function. replace existing % expansion
and add expansion to ControlPath; ok markus@
+ - djm@cvs.openbsd.org 2005/06/08 03:50:00
+ [ssh-keygen.1 ssh-keygen.c sshd.8]
+ increase default rsa/dsa key length from 1024 to 2048 bits;
+ ok markus@ deraadt@
20050609
- (dtucker) [cipher.c openbsd-compat/Makefile.in
-.\" $OpenBSD: ssh-keygen.1,v 1.68 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
.\"
.\" -*- nroff -*-
.\"
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
-The default is 1024 bits.
+Generally, 2048 bits is considered sufficient.
+The default is 2048 bits.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
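Review bot: The new -b text says "The default is 2048 bits." without naming the key types it covers, while the commit message describes the change as applying to rsa/dsa. State the types in the sentence itself, for example "The default for RSA and DSA keys is 2048 bits." The unchanged line "Minimum is 512 bits." now sits directly above a 2048-bit recommendation, so consider adding that the minimum is a lower limit and not a suggested size.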
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.127 2005/06/08 03:50:00 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
#include "dns.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
-u_int32_t bits = 1024;
+u_int32_t bits = 2048;
/*
* Flag indicating that we just want to change the passphrase. This can be
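Review bot: "u_int32_t bits = 2048;" is one default shared by both key types, as the comment above it ("Number of bits in the RSA/DSA key") says, so the DSA default moves to 2048 together with RSA. Please confirm that a 2048-bit DSA key generates correctly and is accepted by the peers this is expected to interoperate with; if that is not certain, make the default depend on the key type instead of using a single global value. The comment could also say that this is the default used when no length is given on the command line.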
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.207 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
works as follows:
.Ss SSH protocol version 1
Each host has a host-specific RSA key
-(normally 1024 bits) used to identify the host.
+(normally 2048 bits) used to identify the host.
Additionally, when
the daemon starts, it generates a server RSA key (normally 768 bits).
This key is normally regenerated every hour if it has been used, and
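Review bot: "(normally 2048 bits)" for the host key holds only for keys generated after this change: the code change visible in this commit is to the ssh-keygen default, so host keys that already exist keep their current length. Suggest wording along the lines of "(2048 bits by default when newly generated)". The following sentence still gives the server key as "normally 768 bits"; if that is left alone on purpose, it is worth saying so in the commit message.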