On Sun, Jun 24, 2012 at 04:34:04PM +0000, Bjoern A. Zeeb wrote:
>
> On 24. Jun 2012, at 16:07 , Robert Simmons wrote:
>
> > Here is a set of patches that add functionality to rc.conf allowing
> > users an easy way to control the length of the host keys used with ssh
> > (specifically RSA and ECDSA used with protocol version 2).
>
> Created for, not used with -- right?
>
> The used with is controlled in sshd_config and if the key is not there
> but it's enabled in sshd_config you'll get a warning on boot which is
> very annoying.
>
>
> > I would like to also discuss the merits of changing FreeBSD's default
> > behavior to using 4096 bit RSA keys and 521 bit ECDSA keys.
> >
> > I have refrained from changing FreeBSD's default behavior in these
> > patches and stuck to just adding configurability.
>
> Do we differ from what the OpenSSH defaults are?
>

Defaults being ...

2048 RSA
1024 DSA
256 ECDSA

These are more than sufficient for any normal ssh use.

-- 
- (2^(N-1))
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
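
To see how a host's existing keys compare with the sizes listed in the reply above, the following added example (not part of the original thread or of the proposed patches) parses `ssh-keygen -l` output and flags any key below those sizes. The function names and the sample fingerprint lines are constructed for illustration, and treating the listed defaults as a floor is an assumption of the example.

```shell
#!/bin/sh
# Floor per key type, taken from the defaults listed in the reply
# (2048 RSA, 1024 DSA, 256 ECDSA). Types the thread does not mention return 0.
min_bits() {
    case "$1" in
        RSA)   echo 2048 ;;
        DSA)   echo 1024 ;;
        ECDSA) echo 256 ;;
        *)     echo 0 ;;
    esac
}

# Reads `ssh-keygen -l -f <pubkey>` output on stdin, one key per line:
#   <bits> <fingerprint> <comment ...> (<TYPE>)
# Prints "OK|WEAK|UNKNOWN <type> <bits>" per key; returns 1 if any key is WEAK.
check_fingerprints() {
    rc=0
    while read -r bits _fp rest; do
        case "$bits" in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        type=${rest##*\(}      # text after the last "("
        type=${type%\)}        # drop the trailing ")"
        min=$(min_bits "$type")
        if [ "$min" -eq 0 ]; then
            echo "UNKNOWN $type $bits"
        elif [ "$bits" -lt "$min" ]; then
            echo "WEAK $type $bits"; rc=1
        else
            echo "OK $type $bits"
        fi
    done
    return $rc
}

# Constructed sample lines in the ssh-keygen -l format (not real fingerprints).
sample_output() {
    cat <<'EOF'
2048 SHA256:constructedAAAA root@host.example (RSA)
1024 SHA256:constructedBBBB root@host.example (RSA)
256 SHA256:constructedCCCC root@host.example (ECDSA)
1024 SHA256:constructedDDDD root@host.example (DSA)
256 SHA256:constructedEEEE root@host.example (ED25519)
EOF
}

# On a real host, feed it the actual keys instead of the sample:
#   for f in /etc/ssh/ssh_host_*_key.pub; do ssh-keygen -l -f "$f"; done | check_fingerprints
sample_output | check_fingerprints || true
```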