RSA versus DSA / Protocol 1 versus Protocol 2

Bob Proulx bob at proulx.com
Mon Feb 25 07:42:36 EST 2002


> >   RSA versus DSA
> > Assuming this applies to both host keys and user keys it seems
> > that you cannot disable [DSA] for host keys when using Protocol 2.

> define 'disable'. you can delete the DSA host key.

Negative on being able to delete the DSA host key.  If you either
remove the dsa host key or remove the 'HostKey /etc/ssh_host_dsa_key'
line from the /etc/sshd_config file then sshd will never again speak
Protocol 2.  It says this:

  Protocol major versions differ: 2 vs. 1

Apparently having the line 'HostKey /etc/ssh_host_rsa_key' is not
sufficient to support Protocol 2 connections.  Protocol 1 connections
continue operating fine in either case.

This is with both sides running version SSH-1.99-OpenSSH_3.0.2p1.

Bob


