ParetoSecurity / pareto-mac

Automatically audit your Mac for basic security hygiene.
https://paretosecurity.com
GNU General Public License v3.0

SSH id_rsa 4096 bit mis-flagged #103

Closed niteobot closed 2 years ago

niteobot commented 2 years ago

What happened?

The SSH encryption verifier appears to fail for 4096 RSA on my system.

Even though my id_rsa is in fact 4096, it reports it as using weak encryption.

This is on macOS 12.1 on a 2019 Intel MBP 16".

I should also note that my id_rsa is actually a symlink in the .ssh directory if that helps:

id_rsa -> id_rsa_openssh
id_rsa.pub -> id_rsa_openssh.pub
id_rsa_openssh
id_rsa_openssh.pub

Version

1.6.29 - 3941

Relevant log output


ssh-keygen -l -f id_rsa | awk '{print $1}'
4096

zupo commented 2 years ago

User: https://secure.helpscout.net/conversation/1760789331/33592/

Seems related to https://secure.helpscout.net/conversation/1755059643/33352?folderId=4882167.

Refs https://github.com/teamniteo/pareto/issues/233

dz0ny commented 2 years ago

Resolved
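
The command in the report, `ssh-keygen -l -f id_rsa | awk '{print $1}'`, reads only the bit count. As an added example (not Pareto Security's code and not posted in this thread), the shell functions below also read the key type from the same output line, because a bit count is only meaningful per algorithm. The function names, the placeholder fingerprints and the thresholds (2048-bit RSA floor, 256-bit ECDSA floor) are assumptions.

```shell
#!/bin/sh
# Added example: classify one line of `ssh-keygen -l -f <key>` output.
# Line layout: "<bits> <fingerprint> <comment ...> (<TYPE>)"
# Thresholds are assumptions for illustration, not Pareto Security's policy.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"   # assumed RSA floor
MIN_ECDSA_BITS=256                      # assumed ECDSA floor

classify_key_line() {
    line=$1
    bits=${line%% *}        # first field, same value as awk '{print $1}'
    ktype=${line##*\(}      # text after the last "(" (comments may contain parentheses)
    ktype=${ktype%\)*}      # drop the closing ")"
    case $bits in
        ''|*[!0-9]*) echo unknown; return 2 ;;
    esac
    case $ktype in
        RSA)      [ "$bits" -ge "$MIN_RSA_BITS" ] && echo strong || echo weak ;;
        ED25519*) echo strong ;;   # always 256 bits; an RSA-sized threshold would misflag it
        ECDSA*)   [ "$bits" -ge "$MIN_ECDSA_BITS" ] && echo strong || echo weak ;;
        DSA)      echo weak ;;
        *)        echo unknown; return 2 ;;
    esac
}

# Run the check against a key file; the path is passed to ssh-keygen as given.
audit_key_file() {
    out=$(ssh-keygen -l -f "$1" 2>/dev/null) || { echo unreadable; return 2; }
    classify_key_line "$out"
}

# Constructed sample lines (fingerprints are placeholders, not real keys).
while IFS= read -r l; do
    printf '%-7s %s\n' "$(classify_key_line "$l")" "$l"
done <<'EOF'
4096 SHA256:PLACEHOLDER user@example (RSA)
1024 SHA256:PLACEHOLDER old (laptop) key (RSA)
256 SHA256:PLACEHOLDER user@example (ED25519)
1024 SHA256:PLACEHOLDER user@example (DSA)
EOF
```

`audit_key_file ~/.ssh/id_rsa` applies the same classification to a key on disk and prints `unreadable` when `ssh-keygen` cannot parse the file.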