[I] SSH Host Key Generated with RSA 2048-bit (~112 bits of security) (tooling-trusted-releases)

Mon, 30 Mar 2026 18:35:05 -0700 


asf-tooling opened a new issue, #984:
URL: https://github.com/apache/tooling-trusted-releases/issues/984

   **ASVS Level(s):** [L2-only]
   
   **Description:**
   
   ### Summary
   The SSH server host key is generated using 
`asyncssh.generate_private_key('ssh-rsa')` without specifying a key size, which 
defaults to 2048 bits. According to NIST SP 800-57 Part 1 Rev. 5, RSA 2048-bit 
provides approximately 112 bits of security, falling short of the ASVS 11.2.3 
requirement for a minimum of 128 bits of security (which requires RSA ≥3072 
bits). Additionally, if a host key already exists at the specified path, it is 
loaded without verifying its algorithm or key size.
   
   ### Details
   **Affected Files and Lines:**
   - `atr/ssh.py:148-189` - Host key generation with insufficient strength
   
   The default RSA 2048-bit key provides only 112 bits of security, below ASVS 
requirements. Existing keys are loaded without validation.
   
   ### Recommended Remediation
   **Option A (Recommended):** Use Ed25519:
   
   ```python
   host_key = asyncssh.generate_private_key('ssh-ed25519')
   ```
   
   Ed25519 provides 128 bits of security and is more efficient than RSA.
   
   **Option B:** Use RSA 4096-bit:
   
   ```python
   host_key = asyncssh.generate_private_key('ssh-rsa', key_size=4096)
   ```
   
   RSA 4096-bit provides ~140 bits of security.
   
   Add validation logic to check existing keys when loading from disk:
   
   ```python
   if host_key_path.exists():
       host_key = asyncssh.read_private_key(str(host_key_path))
       # Validate key strength
       if isinstance(host_key, asyncssh.SSHKeyPairRSA) and host_key.key_size < 
3072:
           raise ValueError("Existing RSA host key too weak (< 3072 bits)")
   ```
   
   ### Acceptance Criteria
   - [ ] Host key algorithm upgraded
   - [ ] Key strength meets ASVS requirements
   - [ ] Existing key validation added
   - [ ] Weak keys rejected on load
   - [ ] Documentation updated
   - [ ] Unit test verifying the fix
   
   ### References
   - Source reports: L2:11.2.3.md, L2:11.6.1.md
   - Related findings: FINDING-059
   - ASVS sections: 11.2.3, 11.6.1
   
   ### Priority
   High
   
   ---


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to