Hello, On Fri, 2023-12-08 at 14:17 +0100, Dirk Müller wrote:
Is this intentional?
It is the default setting of gitea 1.21, which we're using on the openSUSE side. No explicit configuration has been done from our side so far.
OK.
you can read the minimums here: https://docs.gitea.com/next/administration/config-cheat-sheet#ssh-minimum-ke...
Please note that all current openssh versions generate ed25519 keys by default which are shorter, more secure, much faster and would be accepted without any issue.
I'm aware that newer keys are more secure, but that's not the point. New keys means I have to start replacing keys on various hosts.
Also see https://www.keylength.com/en/compare/ which basically says that *new* RSA 2048 should not be used after 2020 anymore. We have 2023.
That's not really clear from this website as it refers to different papers which make different recommendations. If a key type is considered insecure, it would have been completely blocked by OpenSSH as it has happened for DSA keys. But up to now, RSA2048 is still a valid and enabled key type which is why it's annoying when random projects decide they know better. *sigh* Adrian