SSH public key is too small and unable to extend the key length (QD 38738)

Article ID: 174763


Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

A vulnerability scan reports an "SSH Server Public Key is too Small" error (QD 38738).

Cause

By default, the SSH host-keypair size is 1024 bits.

Resolution

In SGOS 7.1.x and later, a new SSH host key pair can be generated with a larger key size. In 6.7.x, the key size is hard-coded to 1024 bits.

When creating the host key pair with an RSA key, a key size of 2048 bits, 3072 bits, or 4096 bits is possible.

If a lower-bit key is configured for the SSH console, first remove it:
From the CLI, enter configuration mode and type the following:

# configure terminal
# (config) ssh-console
# (config ssh-console) delete host-keypair rsa

Next create an RSA key with a size of 2048, 3072 or 4096 bits, as in the following example:

# (config ssh-console) create host-keypair rsa 3072

If using the Management Console to create the host key pair, go to Configuration > Authentication > SSH Inbound Connections > SSH Host Keys. If a lower-bit key is currently specified in the RSA Host Key Pair section, select Delete to remove it before creating a new key. To create a new key, select 2048, 3072, or 4096. Refer to “Managing the SSH Host Key Pairs” in the SGOS Administration Guide for more information.
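
To confirm the change without waiting for the next scan, the size of the RSA host key the appliance presents can be read from its public key blob. The following Python is an added example, not part of the original article or of SGOS; it assumes input lines in the `host ssh-rsa <base64>` form printed by `ssh-keyscan -t rsa`, and the sample lines it builds are constructed, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # smallest RSA size the article lists as an option

def read_string(blob, offset):
    """Read one RFC 4251 length-prefixed field; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def rsa_key_bits(line):
    """Return the modulus size in bits for a 'host ssh-rsa <base64>' line."""
    fields = line.split()
    b64 = fields[fields.index("ssh-rsa") + 1]
    blob = base64.b64decode(b64, validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an RSA key blob")
    _exponent, off = read_string(blob, off)   # public exponent e (unused)
    modulus, off = read_string(blob, off)     # modulus n, as an mpint
    return int.from_bytes(modulus, "big").bit_length()

def check_host_key(line):
    """Return (bits, meets_minimum) for one host key line."""
    bits = rsa_key_bits(line)
    return bits, bits >= MIN_RSA_BITS

def sample_line(host, bits):
    """Constructed test input: a well-formed blob of the given size, not a real key."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    def mpint(value):  # the extra leading byte keeps the mpint positive
        return field(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    n = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    for line in (sample_line("proxy-before.example", 1024),
                 sample_line("proxy-after.example", 3072)):
        bits, ok = check_host_key(line)
        print(f"{line.split()[0]}: {bits} bits -> {'OK' if ok else 'TOO SMALL'}")
```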