Agent forwarding with DSA keys?

Peter Stuge stuge at cdy.org
Wed Sep 27 01:43:39 EST 2000


On Tue, Sep 26, 2000 at 10:37:38AM +0200, Markus Friedl wrote:
> On Tue, Sep 26, 2000 at 01:26:57AM +0200, Peter Stuge wrote:
> > Ehm, exactly how do I use my DSA key with version 1 of the protocol?
> 
> you cannot.

Ok, that's what I thought.


> > > Thanks!  OpenSSH rocks, by the way!
> > 
> > What rocks most, IMHO, is that it implements SSH-2, which is the only thing
> > I really want to use because last thing I heard/read was that SSH-1 could be
> > hijacked, with some effort.
> 
> do you have some _real_ information on this? or is it just FUD?

No real info I'm sure of, no.  My suspicion comes from a number of posts to
BUGTRAQ which, if I'm not mistaken, boiled down to that it is possible to
hijack SSH-1 sessions.  Anyway, I just generally assume worst case and
prefer SSH-2 when/where at all possible.


> > I generally don't want to risk that so I stick
> > to SSH-2 per default.  This might of course be wrong, but I did some
> > research and ended up preferring SSH-2.
> > 
> > 
> > Also, would anyone know anything about a utility that is able to convert
> > ssh.com private DSA keys into PEM OpenSSL private DSA keys?
> 
> ssh.com's format is not documented.

Ok, thx.  (To Paul too for his comment.)


//Peter

-- 
irc: CareBear\    tel: +46-40-914420
irl: Peter Stuge  gsm: +46-705-783805





More information about the openssh-unix-dev mailing list