RSA versus DSA / Protocol 1 versus Protocol 2

Markus Friedl markus at
Mon Feb 25 05:35:21 EST 2002

On Sun, Feb 24, 2002 at 11:24:23AM -0700, Bob Proulx wrote:
> I have been searching the archives and confused about some points that
> I am hoping could be cleared up.
>   RSA versus DSA
> I seem to see a lot of messages saying this.  That DSA is slow.  DSA
> was added only to avoid a patent which is now expired.  RSA is the
> preferred authentification method.  DSA should be avoided.  Which all
> sounds fine to me and I think I agree with that.  Assuming this
> applies to both host keys and user keys it seems that you cannot
> disable this for host keys when using Protocol 2.

define 'disable'. you can delete the DSA host key.

> Is that required
> for compatibility or other reason?

the SSH2 'standard' defines:

   The following public key and/or certificate formats are currently defined:

   ssh-dss              REQUIRED     sign    Simple DSS
   ssh-rsa              RECOMMENDED  sign    Simple RSA

There is a large installed base of DSA keys.

>   Protocol 1 versus Protocol 2
> OpenSSH 3.x defaults to Protocol 2,1.  Fine.  But ssh-keygen and
> ssh-add default to creating and using rsa1 keys, which means using
> Protocol 1, but using DSA host keys.

in OpenSSH 3.1:
	ssh-keygen will no longer have a default key type.
	ssh-add will try to add all 3 key types.


More information about the openssh-unix-dev mailing list