RSA versus DSA / Protocol 1 versus Protocol 2
Ben Lindstrom
mouring at etoh.eviladmin.org
Mon Feb 25 07:08:59 EST 2002
On Sun, 24 Feb 2002, Bob Proulx wrote:
> > > RSA versus DSA
> > > Assuming this applies to both host keys and user keys it seems
> > > that you cannot disable [DSA] for host keys when using Protocol 2.
>
> > define 'disable'. you can delete the DSA host key.
>
> Negative on being able to delete the DSA host key. If you either
> remove the dsa host key or remove the 'HostKey /etc/ssh_host_dsa_key'
> line from the /etc/sshd_config file then sshd will never again speak
> Protocol 2. It says this:
>
> Protocol major versions differ: 2 vs. 1
>
> Apparently having the line 'HostKey /etc/ssh_host_rsa_key' is not
> sufficient to support Protocol 2 connections. Protocol 1 connections
> continue operating fine in either case.
>
> This is with both sides runing version SSH-1.99-OpenSSH_3.0.2p1.
>
# diff -u /etc/sshd_config sshd_config
--- /etc/sshd_config Fri Jan 25 17:04:06 2002
+++ sshd_config Sun Feb 24 14:04:49 2002
@@ -3,8 +3,8 @@
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
-Port 22
-Protocol 2
+Port 2020
+Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
@@ -12,7 +12,6 @@
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
$ sshd -f sshd_config
$ ssh -1 -p2020 localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA1 key fingerprint is 97:58:59:d7:db:cc:c6:98:d4:38:3a:63:a2:4f:e8:cc.
Are you sure you want to continue connecting (yes/no)?
# ssh -2 -p2020 localhost
root at localhost's password:
In my case I tend to disable protocol 1 because I don't require it.
I don't see what your problem.
- Ben
More information about the openssh-unix-dev
mailing list