
Key lengths same as letsencrypt

Bob Mottram 7 年前
当前提交
3cf283dbe4
共有 5 个文件被更改,包括 10 次插入9 次删除
  1. 1
    1
      src/freedombone-addcert
  2. 1
    1
      src/freedombone-app-ipfs
  3. 1
    1
      src/freedombone-base-email
  4. 1
    1
      src/freedombone-client
  5. 6
    5
      src/freedombone-utils-ssh

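--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -311,7 +311,7 @@ function add_cert_selfsigned {
 
     openssl req -x509 ${EXTENSIONS} -nodes -days 3650 -sha256 \
             -subj "/O=$ORGANISATION/OU=$UNIT/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
-            -newkey rsa:4096 -keyout /etc/ssl/private/${CERTFILE}.key \
+            -newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key \
             -out /etc/ssl/certs/${CERTFILE}.crt
     chmod 400 /etc/ssl/private/${CERTFILE}.key
     chmod 640 /etc/ssl/certs/${CERTFILE}.crt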
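Review bot: The rewritten `-newkey rsa:2048 -keyout /etc/ssl/private/${CERTFILE}.key` line creates the private key with whatever umask the script runs under, and the `chmod 400` two lines later only tightens it afterwards; running the generation with a restrictive umask, e.g. `(umask 077; openssl req ... )`, removes that window instead of relying on the later chmod. The reason for 2048 lives only in the commit message, so a short comment above the call such as `# 2048-bit RSA, matching the Let's Encrypt default key size` would keep the rationale with the code. `${CERTFILE}` is unquoted in three paths here; quoting it is cheap and consistent with the quoted `-subj` argument. add_cert_selfsigned continues outside the hunk.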

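--- a/src/freedombone-app-ipfs
+++ b/src/freedombone-app-ipfs
@@ -519,7 +519,7 @@ function install_ipfs_go {
     fi
 
     # initialise
-    su -c "$IPFS_PATH/ipfs init -b 4096" - $MY_USERNAME
+    su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME
     if [ ! -d /home/$MY_USERNAME/.ipfs ]; then
         echo "IPFS could not be initialised for user $MY_USERNAME"
         exit 7358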
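Review bot: The exit status of the rewritten `su -c "$IPFS_PATH/ipfs init -b 2048" - $MY_USERNAME` line is discarded, and the `[ ! -d /home/$MY_USERNAME/.ipfs ]` test below it is only a proxy for success, so an init that fails after creating the directory is not caught. Testing the command itself, `if ! su -c "$IPFS_PATH/ipfs init -b 2048" - "$MY_USERNAME"; then`, reports the failure directly and also quotes `$MY_USERNAME`. `$IPFS_PATH` is expanded into a string that su's shell re-parses, so it must not contain whitespace or shell metacharacters; a comment stating that assumption would help the next reader. The `-b 2048` here sizes the IPFS peer identity key rather than a TLS certificate, so the commit's Let's Encrypt comparison does not transfer to this line and a one-line comment on the chosen size would be useful. install_ipfs_go continues outside the hunk.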

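--- a/src/freedombone-base-email
+++ b/src/freedombone-base-email
@@ -1454,7 +1454,7 @@ function configure_imap_client_certs {
     echo 'serial = sslserial' >> /etc/ssl/dovecot-ca.cnf
     echo 'default_days = 3650' >> /etc/ssl/dovecot-ca.cnf
     echo 'default_md = sha256' >> /etc/ssl/dovecot-ca.cnf
-    echo 'default_bits = 4096' >> /etc/ssl/dovecot-ca.cnf
+    echo 'default_bits = 2048' >> /etc/ssl/dovecot-ca.cnf
     echo 'policy = dovecot-ca_policy' >> /etc/ssl/dovecot-ca.cnf
     echo 'x509_extensions = dovecot-ca_extensions' >> /etc/ssl/dovecot-ca.cnf
     echo '' >> /etc/ssl/dovecot-ca.cnf
</future_update>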
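Review bot: `default_bits = 2048` in `/etc/ssl/dovecot-ca.cnf` applies to keys generated under this CA configuration, including the CA key itself if it is made with this file, whereas the commit message's Let's Encrypt comparison is about 2048-bit subscriber (leaf) keys; combined with `default_days = 3650` on the line above, that is a ten-year lifetime at the smaller size. If 2048 is intended for the CA key as well, record it next to the value, e.g. `# 2048-bit RSA for the client-cert CA; matches the Let's Encrypt leaf default`. Whether the file is truncated before this run of `>>` appends is not visible in the hunk; if it is not, re-running configure_imap_client_certs would duplicate every directive. configure_imap_client_certs continues outside the hunk.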

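--- a/src/freedombone-client
+++ b/src/freedombone-client
@@ -154,7 +154,7 @@ function configure_ssh_client {
         ssh-keygen -t ed25519 -o -a 100
     fi
     if [ ! -f /home/$CURR_USER/.ssh/id_rsa ]; then
-        ssh-keygen -t rsa -b 4096 -o -a 100
+        ssh-keygen -t rsa -b 2048 -o -a 100
     fi
 
     ssh_remove_small_moduli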
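Review bot: This copy of configure_ssh_client still generates a 2048-bit RSA client key, while the same function in src/freedombone-utils-ssh (second hunk of that file in this commit) has the equivalent block commented out, so the two client configurations now diverge; either both should keep RSA at the new size or both should drop it, and the commented-out block in the other file should be deleted rather than left as dead code. The guard tests `/home/$CURR_USER/.ssh/id_rsa`, but `ssh-keygen` without `-f` writes to the invoking user's `$HOME`, so when the two differ (for example under sudo) the guard never becomes true and the prompt repeats on every run; passing `-f "/home/$CURR_USER/.ssh/id_rsa"` would align the check with the output path — hedged, since how CURR_USER is set is outside the hunk. configure_ssh_client continues outside the hunk.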

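--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -46,12 +46,13 @@ function configure_ssh {
     sed -i 's/#PermitRootLogin no/PermitRootLogin no/g' /etc/ssh/sshd_config
     sed -i 's/X11Forwarding.*/X11Forwarding no/g' /etc/ssh/sshd_config
     sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
-    sed -i 's/ServerKeyBits.*/ServerKeyBits 4096/g' /etc/ssh/sshd_config
-    sed -i 's/#ServerKeyBits 4096/ServerKeyBits 4096/g' /etc/ssh/sshd_config
+    sed -i 's/ServerKeyBits.*/ServerKeyBits 2048/g' /etc/ssh/sshd_config
+    sed -i 's/#ServerKeyBits 2048/ServerKeyBits 2048/g' /etc/ssh/sshd_config
     sed -i 's/TCPKeepAlive.*/TCPKeepAlive no/g' /etc/ssh/sshd_config
     sed -i 's/#TCPKeepAlive no/TCPKeepAlive no/g' /etc/ssh/sshd_config
     sed -i 's|HostKey /etc/ssh/ssh_host_dsa_key|#HostKey /etc/ssh/ssh_host_dsa_key|g' /etc/ssh/sshd_config
     sed -i 's|HostKey /etc/ssh/ssh_host_ecdsa_key|#HostKey /etc/ssh/ssh_host_ecdsa_key|g' /etc/ssh/sshd_config
+    sed -i 's|#HostKey /etc/ssh/ssh_host_ed25519_key|HostKey /etc/ssh/ssh_host_ed25519_key|g' /etc/ssh/sshd_config
     if ! grep -q 'DebianBanner' /etc/ssh/sshd_config; then
         echo 'DebianBanner no' >> /etc/ssh/sshd_config
     else
@@ -126,9 +127,9 @@ function configure_ssh_client {
     if [ ! -f ~/.ssh/id_ed25519 ]; then
         ssh-keygen -t ed25519 -o -a 100
     fi
-    if [ ! -f ~/.ssh/id_rsa ]; then
-        ssh-keygen -t rsa -b 4096 -o -a 100
-    fi
+    #if [ ! -f ~/.ssh/id_rsa ]; then
+    #    ssh-keygen -t rsa -b 2048 -o -a 100
+    #fi
 
     function_check ssh_remove_small_moduli
     ssh_remove_small_moduli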
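Review bot: `ServerKeyBits` in the two rewritten `sed` lines of the first hunk is the size of the SSH protocol 1 ephemeral server key (see sshd_config(5)); it has no effect on protocol 2 sessions and is treated as a deprecated no-op by OpenSSH releases that dropped protocol 1 server support, so changing 4096 to 2048 here does not alter the size of any host key actually in use. The RSA host key size is fixed when `/etc/ssh/ssh_host_rsa_key` is generated, which configure_ssh does not do; if the intent is to control it, regenerate that key explicitly (for example `ssh-keygen -t rsa -b <BITS> -f /etc/ssh/ssh_host_rsa_key -N ''`, with the size chosen deliberately) or drop the two `ServerKeyBits` lines and say why in a comment. The uncomment pattern `#ServerKeyBits 2048` only matches if the distribution's stock sshd_config ships exactly that commented line, which cannot be confirmed from the hunk. Enabling the ed25519 `HostKey` line is a sensible companion to commenting out the dsa and ecdsa host keys above it. The second hunk leaves the RSA client-key block commented out instead of deleting it; configure_ssh and configure_ssh_client both continue outside their hunks.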