The SSH key generation only offers 1024 bit keys, which is now too weak. (See http://news.netcraft.com/archives/2012/09/10/minimum-rsa-public-key-lengths-guidelines-or-rules.html). It should either be fixed at 4096, or user-configurable.
What SSH key gen? Where? Please include a description or image of where. PW
Created attachment 229231 [details] Screenshot of the SSH key generation screen
The Eclipse Platform has depended on jsch, and jsch can generate such a long key. I have confirmed that it can generate 1024, 2048 and 4096 bit RSA keys, and 512 and 1024 DSA keys due to the restrictions by Sun's JCE provider. So, all we have to do is to change the UI, I think.
I think the UI update is still missing. Does anyone work on this case yet?
I note the Hardware platform on this one says "PC Windows 7". I use Ubuntu 14.04 with an open JVM, and a Windows 7 machine using the Oracle JVM and have the same issue on both of them. It would be really good to get 4096 bit key support. I had to downgrade our existing keys just to use this product.
(In reply to Philip D'Ath from comment #5)
> It would be really good to get 4096 bit key support. I had to downgrade our
> existing keys just to use this product.

You don't have to downgrade your key. In the current implementation, it can not generate 496 bit key, but it can accept 4096 bit key.
Our existing 4096 bit ssh keys do not work with GitEye on either Ubuntu or Windows. They were probably generated using ECDH. I'll try generating some new 4096 bit keys using older crypto algorithms and see if that works.
I have managed to figure this out.

Modern ssh-keygen's (like on Ubuntu) use AES128 for the crypto cipher for the key for SSH2. I have managed to figure out that GitEye/jsch only seems to support 3DES.

The tricky bit is ssh-keygen does not allow you to specify the crypto algorithm to use. So to create a compatible SSH key 4096 bits long you need to do this:

    openssl genrsa -des3 -out id_rsa 4096
    chmod 600 id_rsa
    ssh-keygen -y -f id_rsa >id_rsa.pub
(In reply to Philip D'Ath from comment #8)
> Modern ssh-keygen's (like on Ubuntu) use AES128 for the crypto cipher for
> the key for SSH2. I have managed to figure out that GitEye/jsch only seems
> to support 3DES.

FYI, it can not generate keys ciphered with AES-128-CBC, but it can accept such keys.
+1
*** Bug 490474 has been marked as a duplicate of this bug. ***
*** Bug 481512 has been marked as a duplicate of this bug. ***
Created attachment 279262 [details]
patches RSA keys generation to 2048 bits

Bitbucket has rejected the RSA-1024 key generated by Eclipse. DSA-1024 was accepted but is deprecated elsewhere (e.g. OpenSSH). This really needs to be finally updated.

I made a small patch for org.eclipse.jsch.ui/src/org/eclipse/jsch/internal/ui/preference/PreferencePage.java to generate RSA keys with length of 2048. I left DSA keys length at 1024 bits as it was since I'm not sure whether 2048 is supported. I didn't test the patch but it's very simple: just pass another parameter to JSch and emit appropriate text comment.

(sorry, I submitted this to the duplicate bug the first time)
OpenSSH 8.0 uses 3072 bits as default nowadays.[1]

[1] https://www.openssh.com/txt/release-8.0
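
As an added example (not part of this bug report and not Eclipse or JSch code): a Python check that reads the key size straight out of an OpenSSH public key line, so keys like the RSA-1024 and DSA-1024 ones discussed in this thread can be flagged before they are uploaded to a server. The 2048-bit threshold, the function names and the sample key builder are assumptions; the sample blob is constructed for the test and is not a usable key.

```python
import base64
import struct

MIN_BITS = 2048  # assumed policy threshold; the thread mentions 2048, 3072 and 4096


def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 string); return (value, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def key_bits(pubkey_line):
    """Return (algorithm, bits) for an 'ssh-rsa' or 'ssh-dss' public key line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)
    algo, off = _read_string(blob, 0)
    if algo.decode("ascii", "replace") != fields[0]:
        raise ValueError("algorithm name does not match key blob")
    if fields[0] == "ssh-rsa":
        _e, off = _read_string(blob, off)       # public exponent comes first
        size_field, off = _read_string(blob, off)  # then the modulus n
    elif fields[0] == "ssh-dss":
        size_field, off = _read_string(blob, off)  # prime p comes first
    else:
        raise ValueError("unsupported key type: " + fields[0])
    return fields[0], int.from_bytes(size_field, "big").bit_length()


def is_weak(pubkey_line, min_bits=MIN_BITS):
    """True when the key is shorter than the policy threshold."""
    return key_bits(pubkey_line)[1] < min_bits


def make_sample_rsa_line(bits):
    """Constructed test input: structurally valid blob, NOT a usable key."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"
```

Passing the contents of an `id_rsa.pub` file to `key_bits` gives the size without needing the private key or its passphrase.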