-
Título
SSH Server Public Key Too Small -
Descrição
From the Qualys Community: QID 38171 - SSL Cert - server public key too small
"An SSL Certificate associates an entity (person, organization, host, etc.) with a Public Key. In an SSL connection, the client authenticates the remote server using the server's Certificate and extracts the Public Key in the Certificate to establish the secure connection.
Best practices require that digital signatures be 2048 or more bits long to provide adequate security. Key lengths of 1024 are acceptable through 2013, but since 2011 they are considered deprecated."
-
Resolução
SSB defaults to RSA 4096 keys for SSH connections and does not utilize the short keys.
Short keys are still present, which causes the scans to report on this despite their not being in use.
Change Request - 372161 has been raised to address this issue. As of this writing, there is no ETA.
-
Informações adicionais
Short host keys are still present on the SSB , hence the vulnerability scans detects and reports it . However, by default, SSB uses RSA 4096-bit keys for SSH connections.