Agent forwarding with DSA keys?
Peter Stuge
stuge at cdy.org
Tue Sep 26 10:26:57 EST 2000
On Mon, Sep 25, 2000 at 03:57:26PM -0700, Paul Allen wrote:
> Markus Friedl wrote:
> >
> > On Mon, Sep 25, 2000 at 11:07:09AM -0700, Paul Allen wrote:
> > > Note that my problem is not with ssh-add. The agent knows about
> > > my DSA key and ssh uses the stashed key to log me in on another
> > > machine without asking for my pass-phrase. The problem is that
> > > the connection to the agent is not forwarded if I use my DSA key,
> > > while it is forwarded if I use my RSA key.
> > >
> > > So, I come back to the question, "Does agent forwarding work
> > > with DSA keys?" If it doesn't work yet, that's fine. But if
> > > someone has it working, I'd sure like to hear about it.
> >
> > agent forwarding does work with DSA and RSA,
> > but it does not work if you use protocol version 2,
> > since it's not implemented.
> >
> > just ssh to localhost with protocol 1 and execute 'ssh-add -l'
>
> That's the way it looked to me. I can ssh-add my DSA key, use
> protocol 1 (RSA) to ssh somewhere, and the agent connection is
> forwarded. I just can't use my DSA key without losing the agent
> connection. I'll just set my users up to use protocol 1 by default
> and be happy. They can use "ssh -2" if some site requires it.

Ehm, exactly how do I use my DSA key with version 1 of the protocol?

> Thanks! OpenSSH rocks, by the way!

What rocks most, IMHO, is that it implements SSH-2, which is the only thing
I really want to use because last thing I heard/read was that SSH-1 could be
hijacked, with some effort. I generally don't want to risk that so I stick
to SSH-2 per default. This might of course be wrong, but I did some
research and ended up preferring SSH-2.

Also, would anyone know anything about a utility that is able to convert
ssh.com private DSA keys into PEM OpenSSL private DSA keys?

//Peter
--
irc: CareBear\ tel: +46-40-914420
irl: Peter Stuge gsm: +46-705-783805