On 10/06/2017 12:57 AM, Ulrich Sibiller wrote:
On Fri, Oct 6, 2017 at 3:12 AM, Mihai Moldovan <ionic@ionic.de> wrote:
On 09/28/2017 01:49 PM, Max A. wrote:
I'm using an x2go server on CentOS 6.9 (the latest version from EPEL, 4.0.1.20), clients use Windows XP/7 and the latest version of X2Go Client (4.1.0.0-2017.03.11). Each time the client connects, ssh-keygen.exe (C:\Program Files\x2goclient\ssh-keygen.exe) starts with the parameters "-t rsa -b 4096 -N" "-C" X2Go Client RSA user key "-f C:
I explicitly decided against that. For more information and the rationale for this change, refer to the release announcement: http://lists.x2go.org/pipermail/x2go-announcements/2017/000302.html
The release announcement talks about 2048-bit keys being generated while this indicates that even stronger keys are being used (which in turn increases the time to create them). I think for slow clients this is too much. At least the admin should be able to decide about the required security, not the maintainer.
So what about staying as is by default but providing a possibility to pre-generate keys for those connections?
Uli
What about ed25519 keys?
https://stribika.github.io/2015/01/04/secure-secure-shell.html
About 30-60 times faster to create on my fairly fast machine.
Unfortunately EL6 era machines don't support them.
--
Orion Poplawski
Manager of NWRA Technical Systems    720-772-5637
NWRA, Boulder/CoRA Office            FAX: 303-415-9702
3380 Mitchell Lane                   orion@nwra.com
Boulder, CO 80301                    https://www.nwra.com/