RSA versus DSA / Protocol 1 versus Protocol 2

Ben Lindstrom mouring at etoh.eviladmin.org
Mon Feb 25 07:08:59 EST 2002


On Sun, 24 Feb 2002, Bob Proulx wrote:

> > >   RSA versus DSA
> > > Assuming this applies to both host keys and user keys it seems
> > > that you cannot disable [DSA] for host keys when using Protocol 2.
>
> > define 'disable'. you can delete the DSA host key.
>
> Negative on being able to delete the DSA host key.  If you either
> remove the dsa host key or remove the 'HostKey /etc/ssh_host_dsa_key'
> line from the /etc/sshd_config file then sshd will never again speak
> Protocol 2.  It says this:
>
>   Protocol major versions differ: 2 vs. 1
>
> Apparently having the line 'HostKey /etc/ssh_host_rsa_key' is not
> sufficient to support Protocol 2 connections.  Protocol 1 connections
> continue operating fine in either case.
>
> This is with both sides running version SSH-1.99-OpenSSH_3.0.2p1.
>

# diff -u /etc/sshd_config sshd_config
--- /etc/sshd_config    Fri Jan 25 17:04:06 2002
+++ sshd_config Sun Feb 24 14:04:49 2002
@@ -3,8 +3,8 @@
 # This is the sshd server system-wide configuration file.  See sshd(8)
 # for more information.

-Port 22
-Protocol 2
+Port 2020
+Protocol 2,1
 #ListenAddress 0.0.0.0
 #ListenAddress ::
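Review bot: the `-Protocol 2` / `+Protocol 2,1` change re-enables protocol 1, so a client can negotiate down to it; it is needed here only so the `ssh -1` test has something to connect to, and on a server that does not require version 1 `Protocol 2` should stay as it was (as the reply itself recommends). The `Port 2020` change just keeps the test instance off the production listener.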

@@ -12,7 +12,6 @@
 HostKey /etc/ssh_host_key
 # HostKeys for protocol version 2
 HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key

 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
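Review bot: dropping `HostKey /etc/ssh_host_dsa_key` leaves `/etc/ssh_host_rsa_key` as the only protocol-2 host key, which is sufficient, as the `ssh -2` test reaching the password prompt shows. One caveat worth documenting alongside the change: clients that already have this host's ssh-dss key in known_hosts will see a prompt to accept the RSA key as a new host key, so announce the rotation rather than letting users get used to accepting unexpected host-key prompts.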

$ sshd -f sshd_config

$ ssh -1 -p2020 localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA1 key fingerprint is 97:58:59:d7:db:cc:c6:98:d4:38:3a:63:a2:4f:e8:cc.
Are you sure you want to continue connecting (yes/no)?

# ssh -2 -p2020 localhost
root@localhost's password:


In my case I tend to disable protocol 1 because I don't require it.

I don't see what your problem is.

- Ben
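As an added example (not code from the thread), a small POSIX shell check that applies the point above to any sshd_config: it reports which protocols are enabled and whether each one has a host key it can use, treating a single RSA or DSA key as enough for protocol 2 and flagging protocol 1 as the downgrade risk the reply mentions. It assumes HostKey file names follow the naming in the diff above (`*_rsa_key`, `*_dsa_key`, and `ssh_host_key` for the RSA1 key) and assumes `2,1` when no Protocol line is present.

```shell
#!/bin/sh
# Added example, not from the thread. Check an sshd_config for the
# situation discussed above: which protocols are enabled, and does
# each one have a host key it can actually use?
#   Protocol 1 needs the RSA1 key (HostKey .../ssh_host_key)
#   Protocol 2 needs at least one RSA or DSA key; either alone is enough
# Usage: sshd_hostkey_check /path/to/sshd_config
# Returns 0 if every enabled protocol has a usable key, 1 otherwise.
sshd_hostkey_check() {
    cfg="$1"
    # The last Protocol line wins; if none is present assume "2,1"
    # (assumption for this example, see sshd_config(5) for your version).
    protos=$(awk 'tolower($1)=="protocol" {p=$2} END {print (p=="" ? "2,1" : p)}' "$cfg")
    # Classify HostKey lines by file name, so the check also works on a
    # box where the key files themselves are not present.
    v1=0; v2=0
    for k in $(awk 'tolower($1)=="hostkey" {print $2}' "$cfg"); do
        case "$k" in
            *_rsa_key|*_dsa_key) v2=$((v2 + 1)) ;;   # protocol 2 key
            *)                   v1=$((v1 + 1)) ;;   # e.g. /etc/ssh_host_key (RSA1)
        esac
    done
    rc=0
    case ",$protos," in
        *,1,*)
            echo "Protocol 1 enabled: downgrade risk, drop it unless required"
            [ "$v1" -gt 0 ] || { echo "  no RSA1 host key: protocol 1 cannot start"; rc=1; }
            ;;
    esac
    case ",$protos," in
        *,2,*)
            if [ "$v2" -gt 0 ]; then
                echo "Protocol 2 ok: $v2 RSA/DSA host key(s), one is sufficient"
            else
                echo "Protocol 2 enabled but no RSA/DSA host key: protocol 2 cannot start"
                rc=1
            fi
            ;;
    esac
    return $rc
}
```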



