jtesta / ssh-audit

SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License

"using small 512-bit CA key modulus" misleading #239

Status: Closed (philfry closed this issue 4 months ago)

philfry commented 6 months ago

Hi,

I'm running an SSH-CA with ECDSA to sign my host keys (in this example an ed25519 host key). ssh-audit complains about

(key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/512-bit ecdsa-sha2-nistp256 CA) -- [fail] using small 512-bit CA key modulus (rec) -ssh-ed25519-cert-v01@openssh.com -- key algorithm to remove

Since ECDSA does not have a modulus, the failure is misleading. The check should either apply only to RSA CAs or be adapted to support elliptic-curve CA key sizes.

Thanks!

jtesta commented 4 months ago

Thanks for reporting this! It should be fixed in 73b669b49d1a86617495e504d2987ff276f28360.

Note that this still results in a scan failure, since the NIST P-curves are suspected of being back-doored. But the code now properly handles the modulus.
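As an added illustration of the point raised in the report and the reply above (this is example code, not ssh-audit's own check and not the fix in the referenced commit), the script below parses the "(key) ... CA" form of an ssh-audit line and judges the CA key size with the right notion of "size" for each family: an RSA CA is judged by its modulus, an ecdsa-sha2-nistpNNN CA by the curve named in the algorithm (an uncompressed P-256 point is 64 bytes, i.e. 512 bits, which is consistent with the 512 reported for a nistp256 CA), and an Ed25519 CA is always 256-bit. The thresholds, the field names and the two RSA sample lines are assumptions made for this example; the first sample line is the one quoted in the issue. The result covers only key size; whether a NIST P-curve is acceptable policy-wise is a separate question the example does not decide.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Thresholds assumed for this example; they are not ssh-audit's own policy values.
MIN_RSA_MODULUS_BITS = 2048
MIN_EC_CURVE_BITS = 256

# Matches the "(key) <cert alg> (<N>-bit cert/<M>-bit <CA alg> CA)" prefix of an ssh-audit key line.
CERT_LINE = re.compile(
    r"\(key\)\s+(?P<cert_alg>\S+)\s+"
    r"\((?P<cert_bits>\d+)-bit cert/(?P<ca_bits>\d+)-bit (?P<ca_alg>\S+) CA\)"
)


@dataclass
class CaKeyAssessment:
    ca_alg: str
    family: str       # "rsa", "ecdsa", "ed25519" or "unknown"
    size_bits: int    # RSA: modulus size; EC: curve (group order) size
    size_label: str   # wording a report should use for size_bits
    size_ok: bool     # size check only; curve-choice policy is a separate question
    reason: str


def ec_curve_bits(ca_alg: str) -> Optional[int]:
    """Return the curve size encoded in an ecdsa-sha2-nistpNNN algorithm name, else None."""
    m = re.fullmatch(r"ecdsa-sha2-nistp(\d+)", ca_alg)
    return int(m.group(1)) if m else None


def assess_ca_key(ca_alg: str, reported_bits: int) -> CaKeyAssessment:
    """Judge a CA key's size using the right notion of 'size' for its algorithm family."""
    if ca_alg == "ssh-rsa" or ca_alg.startswith("rsa-sha2-"):
        # Only RSA has a modulus, so only here does the "modulus" wording apply.
        ok = reported_bits >= MIN_RSA_MODULUS_BITS
        return CaKeyAssessment(ca_alg, "rsa", reported_bits, "modulus", ok,
                               f"RSA modulus is {reported_bits} bits (minimum {MIN_RSA_MODULUS_BITS})")

    curve = ec_curve_bits(ca_alg)
    if curve is not None:
        # An uncompressed P-256 point is 64 bytes = 512 bits, which is what a tool gets if it
        # measures the encoded point instead of the curve, so take the size from the curve name.
        ok = curve >= MIN_EC_CURVE_BITS
        return CaKeyAssessment(ca_alg, "ecdsa", curve, "curve", ok,
                               f"ECDSA on a {curve}-bit curve (minimum {MIN_EC_CURVE_BITS}); "
                               f"reported {reported_bits} bits is the point encoding, not a modulus")

    if ca_alg == "ssh-ed25519":
        return CaKeyAssessment(ca_alg, "ed25519", 256, "curve", True,
                               "Ed25519 keys are always 256-bit")

    return CaKeyAssessment(ca_alg, "unknown", reported_bits, "reported", False,
                           "unrecognised CA key algorithm; review manually")


def parse_report_line(line: str) -> Optional[CaKeyAssessment]:
    """Pull the CA algorithm and size out of an ssh-audit '(key)' line and assess them."""
    m = CERT_LINE.search(line)
    if m is None:
        return None
    return assess_ca_key(m.group("ca_alg"), int(m.group("ca_bits")))


# Constructed sample input: the line quoted in the issue, plus two made-up RSA-CA variants.
SAMPLE_LINES = [
    "(key) ssh-ed25519-cert-v01@openssh.com (256-bit cert/512-bit ecdsa-sha2-nistp256 CA) "
    "-- [fail] using small 512-bit CA key modulus",
    "(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/1024-bit ssh-rsa CA)",
    "(key) ssh-rsa-cert-v01@openssh.com (3072-bit cert/4096-bit rsa-sha2-512 CA)",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        a = parse_report_line(line)
        print(f"{a.ca_alg}: {a.size_bits}-bit {a.size_label}, size_ok={a.size_ok} ({a.reason})")
```

Run as a script it prints one assessment per sample line; the nistp256 CA from the issue comes out as a 256-bit curve that passes the size check, while the 1024-bit RSA CA fails on its modulus.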