Linux – setting minimum size of accepted rsa key

linuxrsaSecurityssh

Is there a way to set the minimum size accepted by sshd as an RSA public key?

I want to restrict users to using RSA keys that are generated with ssh-keygen -b 8196 or greater.

I didn't see any option in sshd_config. There is a ServerKeyBits option, but that seems to apply only for SSHv1.

Best Answer

In modern sshd versions (newer than when the question was asked), you can use an AuthorizedKeysCommand to fetch the user's public keys. The usual reason to use this, is to fetch keys from some central storage (ldap, mysql...). But you can also use this to filter the user's keys. You should also set AuthorizedKeys file to none to avoid a fallback to the unfiltered keys.

Related Solutions

Linux Bash – How to Sort du -h Output by Size

As of GNU coreutils 7.5 released in August 2009, sort allows a -h parameter, which allows numeric suffixes of the kind produced by du -h:

du -hs * | sort -h

If you are using a sort that does not support -h, you can install GNU Coreutils. E.g. on an older Mac OS X:

brew install coreutils
du -hs * | gsort -h

From sort manual:

-h, --human-numeric-sort compare human readable numbers (e.g., 2K 1G)

Git for Windows – How to Tell Git Where to Find Private RSA Key

For Git Bash

If you are running msysgit (I am assuming you are) and are looking to run Git Bash (I recommend it over TortoiseGit, but I lean to the CLI more than GUI now), you need to figure out what your home directory is for Git Bash by starting it then type pwd (On Windows 7, it will be something like C:\Users\phsr I think). While you're in Git Bash, you should mkdir .ssh.

After you have the home directory, and a .ssh folder under that, you want to open PuTTYgen and open the key (.ppk file) you have previously created. Once your key is open, you want to select Conversions -> Export OpenSSH key and save it to HOME\.ssh\id_rsa. After you have the key at that location, Git Bash will recognize the key and use it.

Note: Comments indicate that this doesn't work in all cases. You may need to copy the OpenSSH key to Program Files\Git\.ssh\id_rsa (or Program Files (x86)\Git\.ssh\id_rsa).

For TortoiseGit

When using TortoiseGit, you need to set the SSH key via pacey's directions. You need to do that for every repository you are using TortoiseGit with.