dropbearconvert crashes converting 8192-bit RSA OpenSSH host key to dropbear format

Stephen Kent smkent at smkent.net
Tue Feb 10 01:39:40 AWST 2015


I generated 8192-bit RSA host keys after I read this article:
https://stribika.github.io/2015/01/04/secure-secure-shell.html

I believe OpenSSH's default is to generate a 2048-bit RSA host key, and
that article recommends a 4096-bit key. This is just on my personal box, so
I decided to go for broke with an 8192-bit key.

Thanks,

Stephen



On Mon, Feb 9, 2015 at 6:55 AM, Matt Johnston <matt at ucc.asn.au> wrote:

> Hi Stephen,
>
> Looks like a bug, I've only tested with 4096 bit keys.
> Probably just MAX_PRIVKEY_SIZE etc needs increasing in
> options.h, and some buffer sizes in keyimport.c
>
> Where did an 8192 bit key come from, out of interest?
>
> Cheers,
> Matt
>
> On Sun, Feb 08, 2015 at 09:08:17PM -0800, Stephen Kent wrote:
> > dropbearconvert seems to crash on large RSA key sizes (the host key
> > I'm trying to convert is 8192 bits):
> >
> > $ openssl rsa -text -noout -in /etc/ssh/ssh_host_rsa_key 2>/dev/null | head -n 1
> > Private-Key: (8196 bit)
> > $ dropbearconvert openssh dropbear "/etc/ssh/ssh_host_rsa_key" "./dropbear_rsa_host_key"
> > Exited: Bad buf_getwriteptr
> >
> > dropbearconvert works fine on OpenSSH's default 2048-bit RSA host key.
> >
> > Is this a bug? If so, is this the proper place to report it or is
> > there another procedure I should follow?
> >
> > (Please CC me on replies as I am not on this list.)
> >
> > Thanks,
> >
> > Stephen
>