unsupported DSA key size 2048

[rashmimaharana]

Hi @drakkan

Can you please suggest what's going wrong here. When i checked the logs, i could see so many errors regarding DSA key size which I have posted below. Are we missing any configuration to support the DSA key size 2048. Thanks for answering all my previous queries.

Error:
2022-08-31T21:43:48.399214923Z{client_ip: 10.125.XXX.X, error: ssh: unsupported DSA key size 2048, level: debug, login_type: no_auth_tryed, protocol: SSH, sender: connection_failed, username: }

Thanks,
Rashmi Maharana

[drakkan]

Hi @rashmimaharana

DSA key with size 2048 are not strictly valid, take a look here.

If you try to generate them with ssh-keygen tool you will get this:

$ ssh-keygen -f /tmp/ds -t dsa -b 2048
Invalid DSA key length: must be 1024 bits

I know that some tools can generate these keys.

SFTPGo (read go/crypto/ssh) supports 1024 bits DSA keys as OpenSSH.

OpenSSH has deprecated DSA keys, for security reasons, since v7.0 (2015, 7 years ago). I suggest not using DSA keys in general. Is this possible for your use case? Alternately, can you use 1024 bits DSA keys? If this is not possible I'll try to hack in crypto/ssh. Thanks