Re: OpenSSH: which public keys are required/recommended?

From: Timo Felbinger (Timo.Felbinger@quantum.physik.uni-potsdam.de)
Date: 03/28/02

    From: Timo Felbinger <Timo.Felbinger@quantum.physik.uni-potsdam.de>
    Date: Thu, 28 Mar 2002 16:35:34 +0100
    
    

    On 27 Mar 2002, Richard Silverman wrote:

    >
    > > 1) sshd refuses to start if no rsa1 host key is found, even if
    > > I don't need protocol 1, and have disabled it explicitly in
    > > sshd_config. Why?
    >
    > I cannot replicate this behavior. Post your sshd_config and the output of
    > sshd -d.

    Ooops, sorry. Stupid mistake. I overlooked the HostKey entry in the
    config file. Just removing the Protocol entry obviously wasn't enough.

    > > 2) protocol 2 seems to be supported if either one of the
    > > corresponding key pairs, rsa or dsa, is present. Is there any advantage
    > > in having both? If not, is there a reason to prefer one over the other?
    >
    > RSA seems to be generally faster than DSA;

    Yes, that's what I noticed, too.

    > on the other hand, not all
    > clients support RSA. So it's useful to have both.

    Ok, so it does make sense to install both. OTOH, if only one of them
    is used anyway, it should be ok to export only one of the keys to all
    the known_hosts2 files.

    Thanks to all who replied,

    Timo Felbinger

    -- 
    Timo Felbinger           <Timo.Felbinger@quantum.physik.uni-potsdam.de>
    Quantum Physics Group    http://www.quantum.physik.uni-potsdam.de
    Institut fuer Physik     Tel: +49 331 977 1793      Fax: -1767
    Universitaet Potsdam, Germany
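
An added example, not part of the thread and not OpenSSH code: a shell function for the check this reply points to, listing every HostKey entry in an sshd_config and flagging any whose key file is absent. The function names, the temporary directory and the sample config with its key file names are constructed for illustration.

```shell
#!/bin/sh
# Report, for each HostKey directive in an sshd_config, whether the key
# file it names exists. Returns 0 if all exist, 1 if any is missing,
# 2 if the config cannot be read.
check_hostkeys() {
    config=$1
    missing=0
    [ -r "$config" ] || { echo "cannot read $config" >&2; return 2; }
    while read -r keyword value rest || [ -n "$keyword" ]; do
        case $keyword in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        # sshd_config keywords are case-insensitive
        lower=$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')
        [ "$lower" = hostkey ] || continue
        if [ -f "$value" ]; then
            echo "ok $value"
        else
            echo "MISSING $value"
            missing=$((missing + 1))
        fi
    done < "$config"
    [ "$missing" -eq 0 ]
}

# Constructed sample: a config that still names a key file that was
# never generated, next to two key files that do exist (empty stand-ins).
make_sample() {
    dir=$(mktemp -d) || return 1
    : > "$dir/ssh_host_rsa_key"
    : > "$dir/ssh_host_dsa_key"
    cat > "$dir/sshd_config" <<EOF
# constructed sample, not a real configuration
Port 22
HostKey $dir/ssh_host_key
hostkey $dir/ssh_host_rsa_key
HostKey $dir/ssh_host_dsa_key
#HostKey $dir/commented_out_key
EOF
    echo "$dir"
}

sample_dir=$(make_sample)
check_hostkeys "$sample_dir/sshd_config" || echo "at least one HostKey file is missing"
```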
    


