Re: OpenSSH: which public keys are required/recommended?

• Next message: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Previous message: Neil W Rickert: "Re: Agent forwarding between OpenSSH and ssh.com servers"
• In reply to: Timo Felbinger: "OpenSSH: which public keys are required/recommended?"
• Next in thread: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Reply: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Dimitri Maziuk <dima@127.0.0.1>
Date: Wed, 27 Mar 2002 20:09:03 +0000 (UTC)

begin 666 Timo Felbinger:
>
> Hello,
>
> OpenSSH (in my case, version 3.1) supports three different types
> of private/public key pairs: rsa1 (protocol 1), rsa and dsa
> (protocol 2). I noticed that:
> 1) sshd refuses to start if no rsa1 host key is found, even if
> I don't need protocol 1, and have disabled it explicitely in
> sshd_config. Why?
> 2) protocol 2 seems to be supported if either one of the the
> corresponding key pairs, rsa or dsa, is present. Is there
> any advantage in having both? If not, is there a reason to
> prefer one over the other?

What I noticed after upgrading to OpenSSH 3.1 is that if a host
has DSA key but no RSA key in authorized_keys2, ssh will barf.
So there is a reason to prefer RSA keys -- they seem to work better.
I'm not sure if it is a bug or a feature.

Dima

-- 
Surely there is a polite way to say FOAD.                        -- Shmuel Metz
"Go forth and multiply".                                         -- Paul Martin

• Next message: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Previous message: Neil W Rickert: "Re: Agent forwarding between OpenSSH and ssh.com servers"
• In reply to: Timo Felbinger: "OpenSSH: which public keys are required/recommended?"
• Next in thread: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Reply: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages FreeBSD Security Advisory FreeBSD-SA-01:24.ssh ... OpenSSH is an implementation of the SSH1 and SSH2 secure shell ... An SSH1 client/server from ssh.com is included in the ports ... mistake in code intended to work around a protocol flaw in the SSH1 ... of the ssh port prior to ssh-1.2.27_3 are vulnerable to these attacks. ... (FreeBSD-Security) Re: Lessons! :) ... there's an herbal protocol that may be helpful. ... And there's a website where people can ask questions, and Buhner ... and may be one reason why some of us seem unable ... Those of us with chronic Lyme know we're a ... (rec.equestrian) Re: [fw-wiz] Allowing DNS servers to operate behind NetScreen 500 ... The reason for my response was that I don't know of any ... >> currently relevant reason for DNS responses to be over 512 bytes in size. ... There's L4 modes that most firewalls have -- they ... just dumb down the firewall's L7 handling of the protocol in question -- ... (Firewall-Wizards) Re: Ronald Reagan mostly responsible for the space shuttle challenger tragedy. Gotta beat those Rus ... >> there for a reason. ... > There was no existing protocol or 'flight rule' or ... Tell him it was at a restaurant/lounge off Hwy. ... Laurel Inn Motel.) ... (sci.space.shuttle) Re: Ronald Reagan mostly responsible for the space shuttle challenger tragedy. Gotta beat those Rus ... >> there for a reason. ... > There was no existing protocol or 'flight rule' or ... Tell him it was at a restaurant/lounge off Hwy. ... Laurel Inn Motel.) ... (sci.space.history)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint