Agent forwarding with DSA keys?

Peter Stuge stuge at cdy.org
Tue Sep 26 10:26:57 EST 2000


On Mon, Sep 25, 2000 at 03:57:26PM -0700, Paul Allen wrote:
> Markus Friedl wrote:
> > 
> > On Mon, Sep 25, 2000 at 11:07:09AM -0700, Paul Allen wrote:
> > > Note that my problem is not with ssh-add.  The agent knows about
> > > my DSA key and ssh uses the stashed key to log me in on another
> > > machine without asking for my pass-phrase.  The problem is that
> > > the connection to the agent is not forwarded if I use my DSA key,
> > > while it is forwarded if I use my RSA key.
> > >
> > > So, I come back to the question, "Does agent forwarding work
> > > with DSA keys?"  If it doesn't work yet, that's fine.  But if
> > > someone has it working, I'd sure like to hear about it.
> > 
> > agent forwarding does work with DSA and RSA,
> > but it does not work if you use protocol version 2,
> > since it's not implemented.
> > 
> > just ssh to localhost with protocol 1 and execute 'ssh-add -l'
> 
> That's the way it looked to me.  I can ssh-add my DSA key, use
> protocol 1 (RSA) to ssh somewhere, and the agent connection is
> forwarded.  I just can't use my DSA key without losing the agent
> connection.  I'll just set my users up to use protocol 1 by default
> and be happy.  They can use "ssh -2" if some site requires it.

Ehm, exactly how do I use my DSA key with version 1 of the protocol?


> Thanks!  OpenSSH rocks, by the way!

What rocks most, IMHO, is that it implements SSH-2, which is the only thing
I really want to use because last thing I heard/read was that SSH-1 could be
hijacked, with some effort.  I generally don't want to risk that so I stick
to SSH-2 per default.  This might of course be wrong, but I did some
research and ended up preferring SSH-2.


Also, would anyone know anything about a utility that is able to convert
ssh.com private DSA keys into PEM OpenSSL private DSA keys?

//Peter

-- 
irc: CareBear\    tel: +46-40-914420
irl: Peter Stuge  gsm: +46-705-783805





More information about the openssh-unix-dev mailing list