diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2022-09-17 10:34:30 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2022-09-17 10:34:30 +0000 |
| commit | 0f22ecec45f57ac960bf405dd6c822fbc16ca503 (patch) | |
| tree | 98c34f025e1ecd392c47d71fa5ecc5ba05acd47b /usr.bin/ssh/sshd.c | |
| parent | 560f120c705dd3af395017764a2e23f08d04cbe4 (diff) | |
Add RequiredRSASize for sshd(8); RSA keys that fall beneath this limit
will be ignored for user and host-based authentication.
Feedback deraadt@ ok markus@
Diffstat (limited to 'usr.bin/ssh/sshd.c')
| -rw-r--r-- | usr.bin/ssh/sshd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index d26eb86aefa..69111e83977 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.590 2022/07/01 05:08:23 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.591 2022/09/17 10:34:29 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1746,6 +1746,13 @@ main(int ac, char **av) fatal_r(r, "Could not demote key: \"%s\"", options.host_key_files[i]); } + if (pubkey != NULL && (r = sshkey_check_rsa_length(pubkey, + options.required_rsa_size)) != 0) { + error_fr(r, "Host key %s", options.host_key_files[i]); + sshkey_free(pubkey); + sshkey_free(key); + continue; + } sensitive_data.host_keys[i] = key; sensitive_data.host_pubkeys[i] = pubkey; |