From ac7ef6a7360f7b1e417790d288f42f474c4ceb55 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 16 Jun 2005 13:19:06 +1000 Subject: [PATCH] - djm@cvs.openbsd.org 2005/06/08 03:50:00 [ssh-keygen.1 ssh-keygen.c sshd.8] increase default rsa/dsa key length from 1024 to 2048 bits; ok markus@ deraadt@ --- ChangeLog | 6 +++++- ssh-keygen.1 | 6 +++--- ssh-keygen.c | 4 ++-- sshd.8 | 4 ++-- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index b439cbecd..728026a62 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,10 @@ [auth.c auth.h misc.c misc.h ssh.c ssh_config.5 sshconnect.c] introduce a generic %foo expansion function. replace existing % expansion and add expansion to ControlPath; ok markus@ + - djm@cvs.openbsd.org 2005/06/08 03:50:00 + [ssh-keygen.1 ssh-keygen.c sshd.8] + increase default rsa/dsa key length from 1024 to 2048 bits; + ok markus@ deraadt@ 20050609 - (dtucker) [cipher.c openbsd-compat/Makefile.in @@ -2702,4 +2706,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3817 2005/06/16 03:18:34 djm Exp $ +$Id: ChangeLog,v 1.3818 2005/06/16 03:19:06 djm Exp $ diff --git a/ssh-keygen.1 b/ssh-keygen.1 index ac0b72764..5454d00ce 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.68 2005/04/21 06:17:50 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file. .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. -Generally, 1024 bits is considered sufficient. -The default is 1024 bits. +Generally, 2048 bits is considered sufficient. +The default is 2048 bits. .It Fl C Ar comment Provides a new comment. .It Fl c diff --git a/ssh-keygen.c b/ssh-keygen.c index 246c7d50f..828d2be79 100644 --- a/ssh-keygen.c 
+++ b/ssh-keygen.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $"); +RCSID("$OpenBSD: ssh-keygen.c,v 1.127 2005/06/08 03:50:00 djm Exp $"); #include #include @@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $"); #include "dns.h" /* Number of bits in the RSA/DSA key. This value can be changed on the command line. */ -u_int32_t bits = 1024; +u_int32_t bits = 2048; /* * Flag indicating that we just want to change the passphrase. This can be diff --git a/sshd.8 b/sshd.8 index 6acdda130..fdff4ac91 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.207 2005/04/21 06:17:50 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously. works as follows: .Ss SSH protocol version 1 Each host has a host-specific RSA key -(normally 1024 bits) used to identify the host. +(normally 2048 bits) used to identify the host. Additionally, when the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and
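Review bot: The new default at `u_int32_t bits = 2048;` in ssh-keygen.c is a single global that, per the comment directly above it, serves both RSA and DSA keys, so the bump silently changes DSA generation as well as RSA. FIPS 186-2 fixes the DSA modulus at 1024 bits, and DSA keys of other sizes may not interoperate with other implementations; whether the DSA path copes with 2048 cannot be checked here, because option parsing and key generation lie outside the hunk. Consider per-type defaults, e.g. `#define DEFAULT_BITS 2048` and `#define DEFAULT_BITS_DSA 1024`, with `u_int32_t bits = 0;` filled in once the key type is known. The same split would let the ssh-keygen.1 sentence "The default is 2048 bits" state the default per key type.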