Browse Source

sshd: no longer accept RSA keys < 2048 bits for authentication

https://github.com/fphammerle/docker-borgbackup-sshd/commit/17b658f070505f80d8d48637785145a3c91fe171
Fabian Peter Hammerle 1 year ago
parent
commit
02a35994a8
2 changed files with 6 additions and 0 deletions
  1. 2 0
      CHANGELOG.md
  2. 4 0
      sshd_config

+ 2 - 0
CHANGELOG.md

@@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Changed
+- `sshd`: no longer accept RSA keys < 2048 bits for authentication
 
 ## [0.1.0] - 2021-03-20
 ### Added

+ 4 - 0
sshd_config

@@ -20,6 +20,10 @@ HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-
 #UsePAM no
 PermitRootLogin no
 PubkeyAuthentication yes
+# > RSA: The length of the modulus n shall be 2048 bits or more to meet the
+# > minimum security-strength requirement of 112 bits [...]
+# https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
+RequiredRSASize 2048
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 StrictModes no