Re: Add rc.conf variables to control host key length
On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
> Here is a set of patches that add functionality to rc.conf allowing
> users an easy way to control the length of the host keys used with ssh
> (specifically RSA and ECDSA used with protocol version 2).
Created for, not used with -- right?
The used with is controlled in sshd_config and if the key is not there
but it's enabled in sshd_config you'll get a warning on boot which is
very annoying.
> I would like to also discuss the merits of changing FreeBSD's default
> behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
>
> I have refrained from changing FreeBSD's default behavior in these
> patches and stuck to just adding configurability.
Do we differ from what the OpenSSH defaults are?
/bz
--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 3 之 15 篇):