We support `ssh-rsa` and `ssh-rsa-sha256@ssh.com` host key ciphers, and both of these support RSA keys of any size - it's up to the server maintainers which key size they choose when generating the key (most servers are kept with default settings, which are usually reasonable unless the server software is outdated).
Since Rebex SFTP 2016 R3, you can easily specify the minimum allowed RSA key size. To only allow 2048-bit RSA keys, do this:

```csharp
client.Settings.SshParameters.MinimumRsaHostKeySize = 2048;
```
Alternatively, check the key size yourself after the `Sftp` object's `Connect` method has succeeded, but before calling the `Login` method:

```csharp
int keySize = client.ServerKey.KeySize;
```
However, I have to stress that checking the key size alone is useless - anyone can generate a 2048-bit RSA key (or longer). SFTP/SSH clients must always make sure to check the actual server key as well. (Checking its fingerprint at first connect and keeping the key at the client for subsequent connections is sufficient in most scenarios).
Note: RFC 4432 defined `rsa1024-sha1` and `rsa2048-sha256` ciphers, which define slightly modified RSA host key ciphers with a minimum key size of 1024 or 2048 bits. However, most SSH servers either don't support these at all, or don't enable them by default. If your SFTP/SSH server supports `rsa2048-sha256` and you would like to add support for it, please let us know - we would gladly add it.
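The two checks discussed above (minimum RSA key size, plus pinning the host key fingerprint seen at first connect), as an added, library-independent example that is not part of the original answer and is not Rebex code. It parses a standard `ssh-rsa` public key blob; the function names, status strings and sample key blobs are constructed for illustration (the blobs are not real keys).

```python
import base64, hashlib, hmac, struct

def _read_string(blob, off):
    """Read one SSH 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[off:off + 4])
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field body")
    return blob[off + 4:end], end

def rsa_key_bits(blob):
    """Bit length of the modulus in an 'ssh-rsa' blob: string alg, mpint e, mpint n."""
    alg, off = _read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    _e, off = _read_string(blob, off)
    n, off = _read_string(blob, off)
    return int.from_bytes(n, "big").bit_length()

def fingerprint(blob):
    """OpenSSH-style SHA-256 fingerprint of the whole key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(host, blob, pinned, min_bits=2048):
    """Call after connecting, before sending credentials."""
    if rsa_key_bits(blob) < min_bits:
        return "too-small"
    known = pinned.get(host)
    if known is None:
        return "unknown"      # show fingerprint(blob) to the operator; pin only once confirmed
    return "ok" if hmac.compare_digest(known, fingerprint(blob)) else "mismatch"

def pin(host, blob, pinned):
    """Store the fingerprint after it was verified at first connect."""
    pinned[host] = fingerprint(blob)

def sample_blob(bits, fill):
    """Constructed test input: an ssh-rsa blob with a dummy modulus of the given size."""
    s = lambda b: struct.pack(">I", len(b)) + b
    modulus = b"\x00" + bytes([0xC3]) + bytes([fill]) * (bits // 8 - 1)
    return s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(modulus)
```

A different 2048-bit key for an already pinned host passes the size check and is caught only by the fingerprint comparison.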