don't allow DSA keys

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
Nicola Murino
2024-12-18 19:01:15 +01:00
parent 8c5f92aeb1
commit bfe6c58133
4 changed files with 13 additions and 3 deletions


@@ -2907,11 +2907,18 @@ func validatePublicKeys(user *User) error {
util.I18nErrorPubKeyInvalid,
)
}
if out.Type() == ssh.InsecureKeyAlgoDSA {
providerLog(logger.LevelError, "dsa public key not accepted, position: %d", idx)
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("DSA key format is insecure and it is not allowed for key at position %d", idx)),
util.I18nErrorKeyInsecure,
)
}
if k, ok := out.(ssh.CryptoPublicKey); ok {
cryptoKey := k.CryptoPublicKey()
if rsaKey, ok := cryptoKey.(*rsa.PublicKey); ok {
if size := rsaKey.N.BitLen(); size < 2048 {
providerLog(logger.LevelError, "rsa key with size %d not accepted, minimum 2048", size)
providerLog(logger.LevelError, "rsa key with size %d at position %d not accepted, minimum 2048", size, idx)
return util.NewI18nError(
util.NewValidationError(fmt.Sprintf("invalid size %d for rsa key at position %d, minimum 2048",
size, idx)),
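Review bot: The added guard `out.Type() == ssh.InsecureKeyAlgoDSA` matches only plain `ssh-dss` keys, so whether DSA is fully rejected depends on what the parsing step above the hunk accepts. If that step (not visible here) also accepts OpenSSH certificate entries, a certificate wrapping a DSA key reports a different type string and would pass this check; the RSA size check below may be skipped for certificates in the same way, since it depends on the `ssh.CryptoPublicKey` assertion. Consider also comparing against `ssh.InsecureCertAlgoDSAv01`, or unwrapping `*ssh.Certificate` and running both checks on its `Key` field. A test that submits a DSA key at a non-zero position and asserts `util.I18nErrorKeyInsecure` would pin the new behaviour. validatePublicKeys starts and ends outside the hunk.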