sshd: no longer accept RSA keys < 2048 bits for authentication

https://github.com/fphammerle/docker-borgbackup-sshd/commit/17b658f070505f80d8d48637785145a3c91fe171
Fabian Peter Hammerle 1 year ago
parent
commit
74373c36a9
2 changed files with 9 additions and 0 deletions
  1. CHANGELOG.md (4 additions, 0 deletions)
  2. sshd_config (5 additions, 0 deletions)

+ 4 - 0
CHANGELOG.md

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [Unreleased]
+### Changed
+- `sshd`: no longer accept RSA keys < 2048 bits for authentication
+
 ## [1.0.0] - 2020-07-24
 ### Fixed
 - empty passwords (redundant as sshd config disables password authentication)
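
Review bot: The new entry under `### Changed` does not tell users that clients still authenticating with RSA keys shorter than 2048 bits will be refused after they upgrade. Since the project states it follows Semantic Versioning and 1.0.0 is already released, mark the entry as potentially breaking and add a sentence asking users to replace such keys before upgrading. Naming the option (`RequiredRSASize 2048`) in the entry would also let readers find the setting in sshd_config.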

+ 5 - 0
sshd_config

@@ -10,6 +10,11 @@ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.
 MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 
 PermitRootLogin no
+PubkeyAuthentication yes
+# > RSA: The length of the modulus n shall be 2048 bits or more to meet the
+# > minimum security-strength requirement of 112 bits [...]
+# https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
+RequiredRSASize 2048
 PasswordAuthentication no
 StrictModes no
 # separated by spaces
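
Review bot: The added `RequiredRSASize 2048` line depends on the sshd version in the image. The keyword was introduced in OpenSSH 9.1, and an older sshd treats it as a bad configuration option and refuses to start. Please state the minimum OpenSSH version next to the option, or run `sshd -t` against this file during the image build so an incompatible base image fails early. Two smaller points on the same hunk: `PubkeyAuthentication yes` is already the sshd default, so a short comment saying it is set explicitly on purpose would help; and the quoted NIST comment sits directly under `PubkeyAuthentication yes`, so a blank line before it would make clear that it documents `RequiredRSASize`.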