summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2005-06-08 03:50:01 +0000
committerDamien Miller <djm@cvs.openbsd.org>2005-06-08 03:50:01 +0000
commit24c2f5a89d145be6fe7c0c2736bfdfe2337338fd (patch)
treee911e951b8d575c1c6ad33d194b7eb36f4751a9b /usr.bin
parente826a55f3551fc41e004d3bf580b701c9ea90095 (diff)
increase default rsa/dsa key length from 1024 to 2048 bits; ok markus@ deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/ssh-keygen.16
-rw-r--r--usr.bin/ssh/ssh-keygen.c4
-rw-r--r--usr.bin/ssh/sshd.84
3 files changed, 7 insertions, 7 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index ac0b7276480..5454d00ce88 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.68 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.69 2005/06/08 03:50:00 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -188,8 +188,8 @@ Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
-The default is 1024 bits.
+Generally, 2048 bits is considered sufficient.
+The default is 2048 bits.
.It Fl C Ar comment
Provides a new comment.
.It Fl c
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index e2b9b7ad407..705a4b4124a 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.127 2005/06/08 03:50:00 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -36,7 +36,7 @@ RCSID("$OpenBSD: ssh-keygen.c,v 1.126 2005/05/26 09:08:12 dtucker Exp $");
#include "dns.h"
/* Number of bits in the RSA/DSA key. This value can be changed on the command line. */
-u_int32_t bits = 1024;
+u_int32_t bits = 2048;
/*
* Flag indicating that we just want to change the passphrase. This can be
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index 49431872928..ef3f8d57774 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.207 2005/04/21 06:17:50 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.208 2005/06/08 03:50:00 djm Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -80,7 +80,7 @@ supports both SSH protocol version 1 and 2 simultaneously.
works as follows:
.Ss SSH protocol version 1
Each host has a host-specific RSA key
-(normally 1024 bits) used to identify the host.
+(normally 2048 bits) used to identify the host.
Additionally, when
the daemon starts, it generates a server RSA key (normally 768 bits).
This key is normally regenerated every hour if it has been used, and