ssh-audit
"using small 512-bit CA key modulus" misleading
Hi,
I'm running an SSH-CA with ECDSA to sign my host keys (in this example an ed25519 host key). ssh-audit complains about:
(key) [email protected] (256-bit cert/512-bit ecdsa-sha2-nistp256 CA) -- [fail] using small 512-bit CA key modulus
(rec) [email protected] -- key algorithm to remove
Since ECDSA does not have a modulus, the failure is misleading. The check should either apply only to RSA CAs or be adapted to support elliptic curve CA key sizes.
Thanks!
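A family-aware CA key check of the kind requested above, as an added example that is not ssh-audit's code and not part of the original report. The function names, the thresholds and the sample key blobs are assumptions constructed for illustration; the blob layout follows the standard SSH public key encoding.

```python
import struct

# Thresholds are assumptions for this example, not ssh-audit's policy.
MIN_RSA_MODULUS_BITS = 2048
MIN_EC_CURVE_BITS = 256
EC_CURVE_BITS = {"nistp256": 256, "nistp384": 384, "nistp521": 521}

def ssh_string(data):
    """Encode an RFC 4251 string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(blob, offset):
    """Decode one RFC 4251 string; reject truncated input."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def describe_ca_key(blob):
    """Return (family, bits, size_term) for a CA public key blob."""
    name, off = read_string(blob, 0)
    if name == b"ssh-rsa":
        _exponent, off = read_string(blob, off)
        modulus, _ = read_string(blob, off)
        return "rsa", int.from_bytes(modulus, "big").bit_length(), "modulus"
    if name.startswith(b"ecdsa-sha2-"):
        curve = read_string(blob, off)[0].decode("ascii", "replace")
        if curve not in EC_CURVE_BITS:
            raise ValueError("unknown curve")
        return "ecdsa", EC_CURVE_BITS[curve], "curve size"
    if name == b"ssh-ed25519":
        return "ed25519", 256, "curve size"
    raise ValueError("unsupported CA key type")

def audit_ca_key(blob):
    """Apply the threshold for the key's family and word the finding to match."""
    family, bits, term = describe_ca_key(blob)
    minimum = MIN_RSA_MODULUS_BITS if family == "rsa" else MIN_EC_CURVE_BITS
    verdict = "[fail] using small" if bits < minimum else "[ok]"
    return "%s %d-bit %s CA key %s" % (verdict, bits, family, term)

# Constructed sample blobs (not real keys): the EC point and modulus are filler.
ECDSA_CA = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(b"\x04" + bytes(64)))
RSA_CA = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
          + ssh_string(b"\x00\x80" + bytes(126) + b"\x01"))
```

The RSA branch measures the modulus and reports it as such, while the elliptic curve branches take the size from the curve name and never mention a modulus.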