RSA versus DSA / Protocol 1 versus Protocol 2
Ben Lindstrom
mouring at etoh.eviladmin.org
Mon Feb 25 07:36:23 EST 2002
On Sun, 24 Feb 2002, Bob Proulx wrote:
>
> > # diff -u /etc/sshd_config sshd_config
> [...]
> > +Port 2020
> > +Protocol 2,1
> > -HostKey /etc/ssh_host_dsa_key
> [...]
> > $ sshd -f sshd_config
>
> Interesting. Right there this dies for me.
>
> cd /etc
> cp sshd_config sshd_config.hacked
> edit sshd_config.hacked
> diff -u0 | grep -v ^@@
> --- sshd_config Sun Feb 24 13:47:16 2002
> +++ sshd_config.hacked Sun Feb 24 13:53:52 2002
> -Port 22
> -#Protocol 2,1
> +Port 2022
> +Protocol 2,1
> -HostKey /etc/ssh_host_dsa_key
> +# HostKey /etc/ssh_host_dsa_key
>
> [root at joseki /etc]# sshd -f sshd_config.hacked
> Disabling protocol version 2. Could not load host key
>
> telnet localhost 2022
> SSH-1.5-OpenSSH_3.0.2p1
>
> I will dig around in the code a little and see what I find.
>
> > # ssh -2 -p2020 localhost
> > root at localhost's password:
>
> Since you normally use Protocol 2 this host is already in your
> known_hosts file. Which means I can't see if this is using the DSA
> host key or an RSA host key.
>
To tell you the truth.. it is RSA.. I did not think about passing a DSA
key. I tend to disable DSA key support.
Again it goes back to my own personal policy of "any unrequired feature
that can be easily disabled should be disabled". Just so happens this
box has DSA key support enabled.
$ ssh -1 -o"HostKeyAlgorithms ssh-dss" localhost
Protocol major versions differ: 1 vs. 2
Hmm.. Interesting..
- Ben
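What the thread shows is a silent downgrade: with "Protocol 2,1" and no loadable protocol-2 host key, sshd drops protocol 2 and serves only SSH-1 ("SSH-1.5-OpenSSH_3.0.2p1"), and a client that already trusts the host notices nothing. The script below is an added example written for this page, not code from the thread or from OpenSSH. It audits an sshd_config in the way the discussion suggests: list the HostKey files, classify each by its header (the SSH-1 "SSH PRIVATE KEY FILE FORMAT 1.1" magic versus a PEM RSA/DSA key), and fail if protocol 2 is offered without a key that can back it, or warn if protocol 1 is offered at all. It assumes OpenSSH 3.x semantics (default Protocol "2,1"); the sample config and key files it writes under a temporary directory are constructed placeholders that only carry the header lines this check reads.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the "Disabling protocol version 2.
# Could not load host key" failure mode. Assumes OpenSSH 3.x semantics.

# Uncommented HostKey paths in the config (one per line).
hostkeys() {
    awk '$1 == "HostKey" { print $2 }' "$1"
}

# Effective Protocol value; the OpenSSH 3.x default is "2,1" (assumption).
protocol() {
    p=$(awk '$1 == "Protocol" { print $2 }' "$1" | tail -n 1)
    echo "${p:-2,1}"
}

# Classify a key file by header: "1" for an SSH-1 (RSA1) key, "2" for a
# PEM RSA/DSA key that protocol 2 can use, "none" if missing/unrecognised.
key_protocol() {
    if [ ! -r "$1" ]; then
        echo none
    elif grep -q '^SSH PRIVATE KEY FILE FORMAT 1.1' "$1"; then
        echo 1
    elif grep -Eq '^-----BEGIN (RSA|DSA) PRIVATE KEY-----' "$1"; then
        echo 2
    else
        echo none
    fi
}

# audit_config FILE: return 0 when every offered protocol has a loadable
# host key and SSH-1 is not offered; otherwise print findings and return 1.
audit_config() {
    cfg=$1; rc=0; have1=0; have2=0
    for k in $(hostkeys "$cfg"); do
        case "$(key_protocol "$k")" in
            1) have1=1 ;;
            2) have2=1 ;;
            *) echo "WARN: HostKey $k unreadable or not a key file" ;;
        esac
    done
    proto=$(protocol "$cfg")
    case ",$proto," in *,2,*)
        if [ "$have2" -eq 0 ]; then
            echo "FAIL: Protocol offers 2 but no RSA/DSA host key loads;" \
                 "sshd will silently fall back to SSH-1"
            rc=1
        fi ;;
    esac
    case ",$proto," in *,1,*)
        echo "WARN: Protocol offers 1 (SSH-1); drop it unless a client needs it"
        rc=1 ;;
    esac
    return $rc
}

# Constructed sample files (placeholders, not real keys); prints the directory.
make_samples() {
    d=$(mktemp -d)
    printf 'SSH PRIVATE KEY FILE FORMAT 1.1\n' > "$d/ssh_host_key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$d/ssh_host_rsa_key"
    # The case in the thread: DSA HostKey commented out, only the SSH-1 key left.
    cat > "$d/bob" <<EOF
Port 2022
Protocol 2,1
HostKey $d/ssh_host_key
# HostKey $d/ssh_host_dsa_key
EOF
    # Protocol 2 backed by an RSA key, but SSH-1 still offered.
    cat > "$d/bob_rsa" <<EOF
Protocol 2,1
HostKey $d/ssh_host_key
HostKey $d/ssh_host_rsa_key
EOF
    # Hardened: protocol 2 only, RSA key present.
    cat > "$d/hardened" <<EOF
Protocol 2
HostKey $d/ssh_host_rsa_key
EOF
    echo "$d"
}

demo() {
    d=$(make_samples)
    for f in bob bob_rsa hardened; do
        echo "== $f"
        if audit_config "$d/$f"; then echo "OK: $f"; fi
    done
    rm -rf "$d"
}

demo
```

Run it as `sh audit.sh`; the "bob" config reproduces the thread's failure, "bob_rsa" shows the situation where protocol 2 works but SSH-1 remains reachable, and "hardened" passes. Against a live host, "HostKeyAlgorithms" on the client side only selects among protocol-2 keys; the server-side check here is what tells you whether protocol 2 can be offered at all.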