BBS:      TELESC.NET.BR
Subject:  src/syncterm/ssh.c
From:     Deuc¨
Date:     Thu, 23 Apr 2026 18:36:00 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/4781761a1bdbbe54562ed0b4
Modified Files:
	src/syncterm/ssh.c
Log Message:
SyncTERM: warn the user about weak SSH host keys

Treat any RSA-family host key under 2048 bits as weak (NIST 2024 floor;
Ed25519 is always 256 and considered strong).  The host-key verify
callback now stashes the algorithm name and key size so the post-
handshake UI can act on it:

- HOSTKEY_NEW + weak: prompt "Weak host key (NNNN-bit algo)" with a
  Disconnect/Accept choice instead of silent TOFU.  Under hidepopups
  (no human present) refuse the connection rather than auto-trust a
  weak key.
- HOSTKEY_MISMATCH + weak: existing change-fingerprint dialog grows a
  "WARNING: the new key is a NNNN-bit algo, below the 2048-bit safety
  floor" block, and the title itself becomes "Fingerprint Changed 
  WEAK NNNN-bit algo key" so the warning is visible without F1.
- Strong keys: behaviour unchanged (NEW silently TOFU's, MISMATCH
  uses the original dialog).

Co-Authored-By: Claude Opus 4.7 (1M context) 
---
Synchronet  Vertrauen  Home of Synchronet  [vert/cvs/bbs].synchro.net
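
The decision table from the commit message above, as a stand-alone C example added here (it is not the code from src/syncterm/ssh.c). Every name except HOSTKEY_NEW and HOSTKEY_MISMATCH is hypothetical, and matching RSA-family keys by the SSH algorithm names ssh-rsa and rsa-sha2-* is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define WEAK_RSA_FLOOR_BITS 2048 /* floor stated in the commit message */

/* HOSTKEY_NEW and HOSTKEY_MISMATCH are named in the commit message; all else is assumed. */
enum hostkey_state { HOSTKEY_MATCH, HOSTKEY_NEW, HOSTKEY_MISMATCH };
enum hostkey_action { ACT_CONNECT, ACT_TRUST_SILENTLY, ACT_PROMPT_WEAK, ACT_REFUSE,
                      ACT_CHANGED_DIALOG, ACT_CHANGED_DIALOG_WEAK };

/* Assumed rule: RSA-family means "ssh-rsa" or any "rsa-sha2-*" signature algorithm. */
static bool is_rsa_family(const char *algo)
{
	return algo != NULL
	    && (strcmp(algo, "ssh-rsa") == 0 || strncmp(algo, "rsa-sha2-", 9) == 0);
}

/* The size test applies to RSA only, so a 256-bit Ed25519 key is never flagged. */
bool hostkey_is_weak(const char *algo, unsigned bits)
{
	return is_rsa_family(algo) && bits < WEAK_RSA_FLOOR_BITS;
}

/* Maps verify result + key strength + hidepopups to the UI action. */
enum hostkey_action hostkey_decide(enum hostkey_state st, const char *algo,
                                   unsigned bits, bool hidepopups)
{
	bool weak = hostkey_is_weak(algo, bits);

	switch (st) {
	case HOSTKEY_NEW:
		if (!weak)
			return ACT_TRUST_SILENTLY; /* strong key: TOFU as before */
		return hidepopups ? ACT_REFUSE : ACT_PROMPT_WEAK; /* no human: refuse */
	case HOSTKEY_MISMATCH: /* hidepopups is not described for this case */
		return weak ? ACT_CHANGED_DIALOG_WEAK : ACT_CHANGED_DIALOG;
	default:
		return ACT_CONNECT; /* known key: not covered by the message (assumed) */
	}
}

/* Prompt wording from the commit message; showing the raw algorithm name is assumed. */
int weak_prompt(char *buf, size_t len, const char *algo, unsigned bits)
{
	return snprintf(buf, len, "Weak host key (%u-bit %s)", bits, algo);
}

int main(void) { char m[64]; weak_prompt(m, sizeof m, "ssh-rsa", 1024); puts(m); return 0; }
```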
