Can I change Terminal's SSH RSA key length requirements?

I have a managed Ethernet switch that allows management via SSH sessions. The switch generates a 512-bit RSA key; the length is not adjustable.

When I try to SSH to the switch using the Terminal application I get this error:

"ssh rsaverify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server hostkey"

Apparently Terminal is set to disallow an RSA key that is less than 768 bits.

Is there a way to make Terminal accept the 512-bit key?

(Using Putty on Windows, I can connect to the switch with no problem.)

Thanks,
-Dean
Mac OS X (10.4.9)

Posted on Apr 23, 2007 5:38 PM

7 replies

Apr 24, 2007 6:33 PM in response to Dean Carter

OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006

Ah-ha! I have OpenSSH_4.2p1, OpenSSL 0.9.7l 28 Sep 2006

But I haven't installed 10.4.9 yet. According to the revision notes, Security Update 2007-003 updates ssh to 4.5:

Description: SSH keys are created on a server when the first SSH connection is established. An attacker connecting to the server before SSH has finished creating the keys could force the keys then to be recreated. This could result in a denial of service against processes that rely on a trust relationship with the server. Systems that already have SSH enabled and have rebooted at least once are not vulnerable to this issue. This issue is addressed by improving the SSH key generation process. This issue is specific to the Apple implementation of OpenSSH. Credit to Jeff Mccune of The Ohio State University for reporting this issue.

Apr 24, 2007 12:52 PM in response to Dean Carter

I don't have an answer, probably because I don't entirely understand what you are trying to do. But I do have some comments. You might find more expertise in the Unix Forum.

Firstly, Terminal has nothing to do with this. Terminal is just an application that allows you to interact with a Unix shell. It has no responsibility for the commands you enter. The issue is with ssh.

Secondly, if I understand your situation, you are at your Mac, attempting to login to a remote machine? In that case you are not (or should not be) accepting a "key coming from another machine". The key should be on the Mac. The remote machine should have a copy of the public key associated with the private key on the Mac. The private key should be on the Mac, and nowhere else.

Thirdly, I am puzzled by your quote from the ssh-keygen man page. Mine says

-b bits
Specifies the number of bits in the key to create. Minimum is
512 bits. Generally, 1024 bits is considered sufficient. The
default is 1024 bits.

What version of ssh do you have?

ssh -V

Apr 24, 2007 10:45 AM in response to Charles Minow

Charlie,

Thanks for the reply.

I also use the Terminal to connect to many computers and other managed devices, and am unsure of the ramifications of generating a smaller rsa key on my machine. However, the man page says this about the ssh-keygen -b flag:

"-b bits
Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient."

So it seems that I would not be able to generate a key that is less than 768 bits.

What I'm hoping to discover is a way to allow Terminal to accept a 512 bit key coming from another machine without having to reduce the security of my own rsa key (which I'm thinking, probably has no relation to accepting different size keys from remote computers).

In other words; what sets Terminal's cutoff point at a minimum of 768 bits, and can it be lowered?

-Dean

Mac OS X (10.4.9)

Apr 24, 2007 2:11 PM in response to Jeffrey Jones2

Hi--

"Secondly, if I understand your situation, you are at your Mac, attempting to login to a remote machine?"


Actually, he says he's trying to log into a managed ethernet switch.

"In that case you are not (or should not be) accepting a "key coming from another machine". The key should be on the Mac. The remote machine should have a copy of the public key associated with the private key on the Mac. The private key should be on the Mac, and nowhere else."


But part of the process of the key exchange is that the remote machine, in this case the switch, would send a key to the Mac, verifying that it's the machine it purports to be. This is the key length that's too short.

I did find someone who was able to log into a Cisco switch using the following command:

ssh -v -1 -c des NNN.NNN.NNN.NNN

where NNN.NNN.NNN.NNN is the remote IP address. Note that "-1" is "minus one", not "ell". That forces it to use version 1 of the SSH protocol, which might allow for a shorter key length.

Otherwise, I found a couple of places where they suggested downloading the source to SSH, changing a constant in the headers, and then re-compiling. But that seems like a lot of hassle to me.

charlie

Apr 24, 2007 4:48 PM in response to Jeffrey Jones2

Jeffrey,

I admit that my understanding of the UNIX underpinnings of the Mac OS is spotty at best, and I may be making some erroneous assumptions. I don't believe that I am using the public key - private key scheme, which if I understand correctly will allow connections to be made without passwords. I still use a username and password to establish a connection.

This is what I've observed.

When I ssh to another computer for the first time, I am presented with this message:

"The authenticity of host 'hostname and (IP address)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)?"

(I've removed the actual host, IP, and fingerprint info from the above.)

If I answer yes, a key is appended to the ~username/.ssh/known_hosts file. I'm assuming that this is the key that was generated on the remote machine.

When I try to ssh to the management interface of the switch that I'm having trouble with, and answer "yes" to the above message, I receive the following:

"Warning: Permanently added 'hostname,IP address' (RSA) to the list of known hosts.
ssh rsaverify: RSA modulus too small: 512 < minimum 768 bits
key_verify failed for server hostkey"

If I then examine the known_hosts file, indeed, the last key appended is shorter than all of the others.

Speaking with tech support for the switch confirmed that the rsa key is generated at 512 bits and cannot be increased (it would require a firmware update).


The ssh version on the three Macs that I use is:
OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006

The man page for ssh-keygen on all three show that 768 bits is the minimum.

Thanks,
-Dean
Mac OS X (10.4.9)
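Dean spotted the short key by eyeballing known_hosts. The following is an added Python example (not from this thread, and not OpenSSH's own code) that decodes the ssh-rsa blob format of each known_hosts entry and reports the modulus size against the 768-bit minimum quoted in the error; the host names and key values in the sample are constructed placeholders.

```python
import base64
import struct

# Minimum this thread's OpenSSH 4.5 enforces; current releases require 1024.
MIN_RSA_BITS = 768

def _string(data: bytes) -> bytes:
    # SSH 'string': 4-byte big-endian length, then the bytes (RFC 4251)
    return struct.pack(">I", len(data)) + data

def _mpint(value: int) -> bytes:
    # SSH 'mpint': big-endian two's complement, 0x00 prefix if high bit set
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return _string(b"\x00" + raw if raw[0] & 0x80 else raw)

def _read_string(blob: bytes, pos: int):
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    return blob[pos + 4:pos + 4 + length], pos + 4 + length

def rsa_modulus_bits(b64_key: str) -> int:
    """Modulus size in bits of a base64 'ssh-rsa' blob (string type, mpint e, mpint n)."""
    blob = base64.b64decode(b64_key)
    key_type, pos = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError(f"not an ssh-rsa key: {key_type!r}")
    _e, pos = _read_string(blob, pos)   # public exponent, unused here
    n, _ = _read_string(blob, pos)      # modulus; a leading 0x00 adds no bits
    return int.from_bytes(n, "big").bit_length()

def audit_known_hosts(text: str, min_bits: int = MIN_RSA_BITS) -> list:
    """Return (host, bits, acceptable) for each ssh-rsa line of a known_hosts file."""
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#") or parts[1] != "ssh-rsa":
            continue
        bits = rsa_modulus_bits(parts[2])
        results.append((parts[0], bits, bits >= min_bits))
    return results

def make_entry(host: str, n: int, e: int = 65537) -> str:
    """Build a known_hosts line; used only to construct the sample below."""
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

# Constructed sample: placeholder odd ints of the right size, not real RSA moduli
SAMPLE_KNOWN_HOSTS = "\n".join([
    make_entry("fileserver.example,192.0.2.10", (1 << 2047) | 1),
    make_entry("switch.example,192.0.2.20", (1 << 511) | 1),
])
```

Run `audit_known_hosts(open("~/.ssh/known_hosts").read())` (path expanded) against a real file to list every host whose key would be rejected.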

Apr 24, 2007 4:51 PM in response to Charles Minow

Charlie,

I tried your suggestion
ssh -v -1 -c des NNN.NNN.NNN.NNN
and received the following:

OpenSSH_4.5p1, OpenSSL 0.9.7l 28 Sep 2006
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to hostaname [IP address] port 22.
debug1: Connection established.
debug1: identity file /Users/djc/.ssh/identity type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4p1.RL
debug1: match: OpenSSH_3.4p1.RL pat OpenSSH_3.*
Protocol major versions differ: 1 vs. 2

If I'm reading this correctly, the remote system is using version 2, and may not be backwards compatible with version 1 protocols.

I was hoping there might be a config file that would address this issue, but your last statement would seem to indicate that the parameter is compiled into the ssh binary. I don't think I want to go that far.

Thanks again for your suggestions.
-Dean
