0

I want to run `ssh-keygen -t rsa -b 512`, but my Linux is too "up to date" to allow this. Is there any way to modify the settings to:

  1. generate a 512-bit key
  2. let me authenticate to the server with that key

Yes, I know it's bad security practice, but I am actually doing some security research. This machine will be burnt and has nothing of value. This is purely for research.

bjoster
TheHidden
  • Depending on your motivation for *"small keys"* just using ed25519 might be okay, which is safe & supported despite the comparatively small key size. – anx Feb 25 '21 at 16:01

2 Answers

3

There is no way to do this in the standard ssh-keygen. But you can download the source code from https://github.com/openssh/openssh-portable and recompile it with `SSH_RSA_MINIMUM_MODULUS_SIZE` set to 512 bits instead of its current value. You can find this const variable in the `sshkey.h` header file.

Navern
  • You could generate the keyfile with `openssl genrsa 512` without recompiling ssh-keygen, but you (still) need to recompile both ssh and sshd with this change to get them to _use_ such a key. – dave_thompson_085 Feb 17 '21 at 06:01
1

If it's only for research ... run the old versions in a container. According to the OpenSSH release notes, support for 512-bit keys was removed in version 8.2, so you need 8.1 or older. There are several containers available with older versions on Docker Hub.

You will need old versions of both the client and the server.

Gerald Schneider
  • The Docker idea is the easiest solution, I think; I only need it for like 20 minutes at most... happen to have a source of such? – TheHidden Feb 17 '21 at 17:26
  • The docker hub has a search function. I'm not going to be more specific, since [asking for recommendations is off topic](https://serverfault.com/help/on-topic) and links to specific images are bound to get useless in the future if the images are deleted at some point. – Gerald Schneider Feb 18 '21 at 08:21
  • Not to worry, I googled ^ was an off the bat google-able question – TheHidden Feb 18 '21 at 17:40
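The answers above turn on a minimum RSA modulus size enforced by ssh and sshd. As an added example (not part of the original posts and not OpenSSH code), this Python sketch parses `ssh-rsa` public key lines and reports moduli below a floor, which is how you would confirm no undersized lab key has leaked into a real `authorized_keys` file. `MIN_RSA_BITS`, the function names and the sample lines are assumptions made for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed local policy floor, not a value taken from the page

def _field(buf, off):
    """Read one length-prefixed field (RFC 4251 string/mpint); return (data, next offset)."""
    (size,) = struct.unpack_from(">I", buf, off)  # raises struct.error if truncated
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def rsa_modulus_bits(line):
    """Modulus size in bits of an ssh-rsa public key line, or None for other key types."""
    tokens = line.split()
    if "ssh-rsa" not in tokens[:-1]:  # options may precede the key type
        return None
    blob = base64.b64decode(tokens[tokens.index("ssh-rsa") + 1], validate=True)
    ktype, off = _field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type mismatch inside blob")
    _e, off = _field(blob, off)  # public exponent
    n, _ = _field(blob, off)     # modulus; may carry a leading 0x00 sign byte
    return int.from_bytes(n, "big").bit_length()

def audit(text, floor=MIN_RSA_BITS):
    """Return [(line number, bits)] for every RSA key shorter than floor."""
    weak = []
    for num, line in enumerate(text.splitlines(), 1):
        bits = None if line.lstrip().startswith("#") else rsa_modulus_bits(line)
        if bits is not None and bits < floor:
            weak.append((num, bits))
    return weak

def constructed_line(bits, comment):
    """Build a well-formed ssh-rsa line with a made-up modulus (not a usable key)."""
    enc = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda v: enc(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = enc(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = "\n".join([  # constructed input, no real keys
    "# constructed authorized_keys",
    constructed_line(512, "lab@burner"),
    constructed_line(3072, "ops@host"),
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed-placeholder",
])
```

Calling `audit(open(path).read())` on a real `authorized_keys` file returns the line numbers and sizes of any RSA keys under the floor.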