Problem connecting to v2.9.9p2 on Solaris 8

mouring at etoh.eviladmin.org
Wed Nov 28 02:56:31 EST 2001


[..]
> > > Any ideas what's going wrong here?  From a layman's point of view, it
> > > would appear that Putty and OpenSSH can't decide on key algorithms... but
> > > why would this happen?  I use Putty to connect to other
> > > OpenSSH2.9.9p2/Sol8 installs (the same compiled code) and it works fine...
> >
> > the sshd offers a ssh v2 RSA hostkey,
> > putty says it can only understand ssh v2 DSA hostkeys,
> > so they cannot agree.
> >
> > i suggest to generate a SSH v2 DSA hostkey, too.
>
> That's it!  Thanks!  I wasn't aware that Putty only supported DSA in v2...
> oh well... ;-)
>

As of 0.51 it supports both RSA and DSA.. Which is kinda funny since the
author originally railed against DSA and shouted at the top of his lungs
that he would never support DSA due to the fact it sucks up too much entropy
to be reliable.

Rather abrupt 180..

[quote from FAQ]
A.7.3 How come PuTTY now supports DSA, when the website used to say how
insecure it was?

DSA has a major weakness if badly implemented: it relies on a random
number generator to far too great an extent. If the random number
generator produces a number an attacker can predict, the DSA private key
is exposed - meaning that the attacker can log in as you on all systems
that accept that key.

The PuTTY policy changed because the developers were informed of ways to
implement DSA which do not suffer nearly as badly from this weakness, and
indeed which don't need to rely on random numbers at all. For this reason
we now believe PuTTY's DSA implementation is probably OK. However, if you
have the choice, we still recommend you use RSA instead.


- Ben



