Closed B-Interactive closed 1 year ago
Is this related to #6? At any rate, we have the latest OpenSSH version now; the defaults should be more than fine, with a few arguable exceptions.
Yes, it would relate to #6 (just spotted that branch too). The minimum has since increased from 2048 to 3072 bits, but I believe the standard the SSH Hardening Guides have established is 4096 bits. The merits of 3072 vs 4096 are perhaps a topic of heavy debate and discussion and likely beyond the scope of my knowledge.
My appeal is more towards aligning with the baseline established by the SSH Hardening Guides, if that's something to be considered.
The SSH Hardening Guides leverage 4096-bit RSA keys as standard. The command `service sshd keygen` produces a 3072-bit RSA key. I acknowledge the practical security of the two (3072, 4096) still puts both of them in the realm of unbreakable.