- djm@cvs.openbsd.org 2008/07/02 02:24:18
[sshd_config sshd_config.5 sshd.8 servconf.c]
increase default size of ssh protocol 1 ephemeral key from 768 to 1024
bits; prodded by & ok dtucker@ ok deraadt@
diff --git a/ChangeLog b/ChangeLog
index fadf27a..9e7326d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
- stevesk@cvs.openbsd.org 2008/07/01 23:12:47
[PROTOCOL.agent]
fix some typos; ok djm@
+ - djm@cvs.openbsd.org 2008/07/02 02:24:18
+ [sshd_config sshd_config.5 sshd.8 servconf.c]
+ increase default size of ssh protocol 1 ephemeral key from 768 to 1024
+ bits; prodded by & ok dtucker@ ok deraadt@
20080630
- (djm) OpenBSD CVS Sync
@@ -4507,4 +4511,4 @@
OpenServer 6 and add osr5bigcrypt support so when someone migrates
passwords between UnixWare and OpenServer they will still work. OK dtucker@
-$Id: ChangeLog,v 1.5045 2008/07/02 12:35:00 dtucker Exp $
+$Id: ChangeLog,v 1.5046 2008/07/02 12:35:43 dtucker Exp $
diff --git a/servconf.c b/servconf.c
index 67e7d7d..9d9c950 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.184 2008/06/15 16:58:40 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.185 2008/07/02 02:24:18 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -158,7 +158,7 @@
if (options->pid_file == NULL)
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
if (options->server_key_bits == -1)
- options->server_key_bits = 768;
+ options->server_key_bits = 1024;
if (options->login_grace_time == -1)
options->login_grace_time = 120;
if (options->key_regeneration_time == -1)
diff --git a/sshd.8 b/sshd.8
index fdbe7ab..c4c4181 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.245 2008/06/11 07:30:37 jmc Exp $
-.Dd $Mdocdate: June 11 2008 $
+.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -100,7 +100,7 @@
to use IPv6 addresses only.
.It Fl b Ar bits
Specifies the number of bits in the ephemeral protocol version 1
-server key (default 768).
+server key (default 1024).
.It Fl C Ar connection_spec
Specify the connection parameters to use for the
.Fl T
diff --git a/sshd_config b/sshd_config
index c5ee7c8..1b53a0e 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $
+# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -28,7 +28,7 @@
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
-#ServerKeyBits 768
+#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
diff --git a/sshd_config.5 b/sshd_config.5
index 0d41edf..7255b1c 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.95 2008/06/15 16:58:40 dtucker Exp $
-.Dd $Mdocdate: June 15 2008 $
+.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -811,7 +811,7 @@
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
+The minimum value is 512, and the default is 1024.
.It Cm StrictModes
Specifies whether
.Xr sshd 8