From 39ceddb7b95baa911d0f93cd7feb40e20f965c83 Mon Sep 17 00:00:00 2001 From: dtucker Date: Wed, 2 Jul 2008 12:35:43 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2008/07/02 02:24:18 [sshd_config sshd_config.5 sshd.8 servconf.c] increase default size of ssh protocol 1 ephemeral key from 768 to 1024 bits; prodded by & ok dtucker@ ok deraadt@ --- ChangeLog | 4 ++++ servconf.c | 4 ++-- sshd.8 | 4 ++-- sshd_config | 4 ++-- sshd_config.5 | 4 ++-- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index f929a702..e2386dc9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -24,6 +24,10 @@ - stevesk@cvs.openbsd.org 2008/07/01 23:12:47 [PROTOCOL.agent] fix some typos; ok djm@ + - djm@cvs.openbsd.org 2008/07/02 02:24:18 + [sshd_config sshd_config.5 sshd.8 servconf.c] + increase default size of ssh protocol 1 ephemeral key from 768 to 1024 + bits; prodded by & ok dtucker@ ok deraadt@ 20080630 - (djm) OpenBSD CVS Sync diff --git a/servconf.c b/servconf.c index 67e7d7db..9d9c9508 100644 --- a/servconf.c +++ b/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.184 2008/06/15 16:58:40 dtucker Exp $ */ +/* $OpenBSD: servconf.c,v 1.185 2008/07/02 02:24:18 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -158,7 +158,7 @@ fill_default_server_options(ServerOptions *options) if (options->pid_file == NULL) options->pid_file = _PATH_SSH_DAEMON_PID_FILE; if (options->server_key_bits == -1) - options->server_key_bits = 768; + options->server_key_bits = 1024; if (options->login_grace_time == -1) options->login_grace_time = 120; if (options->key_regeneration_time == -1) diff --git a/sshd.8 b/sshd.8 index ffb62e8a..0c8f4310 100644 --- a/sshd.8 +++ b/sshd.8 
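Review bot: The new 1024-bit value in `fill_default_server_options` is assigned only when `options->server_key_bits == -1`, so a server whose sshd_config already sets `ServerKeyBits 768` explicitly keeps the smaller protocol 1 ephemeral key after this change. The sshd_config.5 hunk in the same patch still documents a minimum of 512, so the accepted floor does not move with the default; where that minimum is enforced is not visible in this diff. I would add a comment on the assignment, `/* default only: an explicit ServerKeyBits below this value is still accepted */`, and consider a follow-up that raises the minimum or logs a warning for configured values under 1024. The sample sshd_config context line shows `Protocol 2`, so this presumably matters only where protocol 1 has been enabled. The function body begins and ends outside the hunk.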
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.245 2008/06/11 07:30:37 jmc Exp $ +.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $ .Dd $Mdocdate$ .Dt SSHD 8 .Os @@ -100,7 +100,7 @@ Forces to use IPv6 addresses only. .It Fl b Ar bits Specifies the number of bits in the ephemeral protocol version 1 -server key (default 768). +server key (default 1024). .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T diff --git a/sshd_config b/sshd_config index c5ee7c8a..1b53a0ef 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $ +# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -28,7 +28,7 @@ Protocol 2 # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h -#ServerKeyBits 768 +#ServerKeyBits 1024 # Logging # obsoletes QuietMode and FascistLogging diff --git a/sshd_config.5 b/sshd_config.5 index cb24ac1f..6baf62a3 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.95 2008/06/15 16:58:40 dtucker Exp $ +.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $ .Dd $Mdocdate$ .Dt SSHD_CONFIG 5 .Os @@ -811,7 +811,7 @@ The default is This option applies to protocol version 1 only. .It Cm ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 server key. -The minimum value is 512, and the default is 768. +The minimum value is 512, and the default is 1024. .It Cm StrictModes Specifies whether .Xr sshd 8 -- 2.45.1