- djm@cvs.openbsd.org 2008/07/02 02:24:18

     [sshd_config sshd_config.5 sshd.8 servconf.c]
     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
     bits; prodded by & ok dtucker@ ok deraadt@

5 files changed, 15 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index fadf27a7d..9e7326d85 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,10 @@
    - stevesk@cvs.openbsd.org 2008/07/01 23:12:47
      [PROTOCOL.agent]
      fix some typos; ok djm@
+   - djm@cvs.openbsd.org 2008/07/02 02:24:18
+     [sshd_config sshd_config.5 sshd.8 servconf.c]
+     increase default size of ssh protocol 1 ephemeral key from 768 to 1024
+     bits; prodded by & ok dtucker@ ok deraadt@
 
 20080630
  - (djm) OpenBSD CVS Sync
@@ -4507,4 +4511,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.5045 2008/07/02 12:35:00 dtucker Exp $
+$Id: ChangeLog,v 1.5046 2008/07/02 12:35:43 dtucker Exp $
diff --git a/servconf.c b/servconf.c
index 67e7d7db3..9d9c9508e 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.184 2008/06/15 16:58:40 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.185 2008/07/02 02:24:18 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -158,7 +158,7 @@ fill_default_server_options(ServerOptions *options)
         if (options->pid_file == NULL)
                 options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
         if (options->server_key_bits == -1)
-                options->server_key_bits = 768;
+                options->server_key_bits = 1024;
         if (options->login_grace_time == -1)
                 options->login_grace_time = 120;
         if (options->key_regeneration_time == -1)
diff --git a/sshd.8 b/sshd.8
index fdbe7abfa..c4c4181fc 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.245 2008/06/11 07:30:37 jmc Exp $
-.Dd $Mdocdate: June 11 2008 $
+.\" $OpenBSD: sshd.8,v 1.246 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -100,7 +100,7 @@ Forces
 to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
-server key (default 768).
+server key (default 1024).
 .It Fl C Ar connection_spec
 Specify the connection parameters to use for the
 .Fl T
diff --git a/sshd_config b/sshd_config
index c5ee7c8a4..1b53a0efb 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.79 2008/05/08 12:21:16 djm Exp $
+#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -28,7 +28,7 @@ Protocol 2
 
 # Lifetime and size of ephemeral version 1 server key
 #KeyRegenerationInterval 1h
-#ServerKeyBits 768
+#ServerKeyBits 1024
 
 # Logging
 # obsoletes QuietMode and FascistLogging
diff --git a/sshd_config.5 b/sshd_config.5
index 0d41edf98..7255b1c22 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.95 2008/06/15 16:58:40 dtucker Exp $
-.Dd $Mdocdate: June 15 2008 $
+.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
+.Dd $Mdocdate: July 2 2008 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -811,7 +811,7 @@ The default is
 This option applies to protocol version 1 only.
 .It Cm ServerKeyBits
 Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
+The minimum value is 512, and the default is 1024.
 .It Cm StrictModes
 Specifies whether
 .Xr sshd 8