Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-7027

OSPP subpolicy requires RequiredRSASize support

XMLWordPrintable

    • openssh-8.7p1-12.el9_0
    • None
    • None
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • Hide

      ACs are already implemented in TC#614224: /CoreOS/openssh/Regression/bz2066882-rsaminsize.

      Show
      ACs are already implemented in TC#614224: /CoreOS/openssh/Regression/bz2066882-rsaminsize.
    • QE ack
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

       

      RHEL-3649 requires the following change in RHEL-9.0 in OSPP crypto-policies:

       

      • Bump minimal size of RSA keys from 2048-bit to 3072-bit, min_rsa_size = 3072

       

      However, there is no support for this in openssh clients and server configuration on RHEL-9.0 because RequiredRSASize keyword was only added in RHEL-9.2. Therefore to be able to enforce this for openssh by OSPP subpolicy we need to bring this functionality for RHEL-9.0 openssh.

      Please provide the package NVR for which bug is seen:

       

      openssh-8.7p1-10.el9_0

      How reproducible:

       

      100%

      Steps to reproduce

       

      1. Add "RequiredRSASize 2048" to /etc/ssh/ssh_config and /etc/ssh/sshd_config.
      2. Restart sshd.
      3. Connect by ssh to localhost.

      Expected results

       

      1. (nothing)
      2. sshd restart successfully - it recognizes the option
      3. ssh connect successfully - it recognizes the option

              dbelyavs@redhat.com Dmitry Belyavskiy
              omoris Ondrej Moris
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: