Old 01-22-2010, 04:31 PM
Martin McCormick
 
How Does One force Use of DSA Keys under Linux?

I recently needed to clear out some old entries from the
.ssh/known_hosts file on a Debian system and discovered that I
couldn't tell which system key was which because they were all
type rsa keys instead of the type DSA keys which do contain a
field with either the host name or its IP address.

Is there a way in Linux to make ssh get the type DSA host keys?
I presently see the following message when adding a new host to
known_hosts:

Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA)
to the list of known hosts.

When a FreeBSD system connects to a Debian host as an
example, it automatically knows to add the dsa host key.

This is no show stopper by any means, but why is this
happening? Thanks.

Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 01-22-2010, 10:13 PM
"Todd A. Jacobs"
 

On Fri, Jan 22, 2010 at 11:31:46AM -0600, Martin McCormick wrote:

> Is there a way in Linux to make ssh get the type DSA host keys? I
> presently see the following message when adding a new host to

This is actually a good question, and one to which I couldn't find an
easy answer. As far as I can tell, the solution is not to rely on the
SSH client directly; instead, one needs to use ssh-keyscan with the type
flag:

ssh-keyscan -t dsa <hostname>

In other words, RSA is the default, and you have to do some work to use
DSA instead. I'm not sure this is a bad thing, mind you, but it wasn't
intuitive for me, either.

--
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


 
Old 01-23-2010, 12:40 PM
Jim Barnes
 

Martin McCormick wrote:
> I recently needed to clear out some old entries from the
> .ssh/known_hosts file on a Debian system and discovered that I
> couldn't tell which system key was which because they were all
> type rsa keys instead of the type DSA keys which do contain a
> field with either the host name or its IP address.
>
> Is there a way in Linux to make ssh get the type DSA host keys?
> I presently see the following message when adding a new host to
> known_hosts:
>
> Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA)
> to the list of known hosts.
>
> When a FreeBSD system connects to a Debian host as an
> example, it automatically knows to add the dsa host key.
>
> This is no show stopper by any means, but why is this
> happening? Thanks.
>

Not dependent on RSA vs DSA, but the value HashKnownHosts in
/etc/ssh/ssh_config

man ssh_config

HashKnownHosts
    Indicates that ssh(1) should hash host names and addresses when they are
    added to ~/.ssh/known_hosts. These hashed names may be used normally by
    ssh(1) and sshd(8), but they do not reveal identifying information
    should the file's contents be disclosed. The default is ``no''. Note
    that existing names and addresses in known hosts files will not be
    converted automatically, but may be manually hashed using ssh-keygen(1).

HTH,
--
Jim Barnes
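
How the hashed entries described in the reply above can still be matched to a host name you already know, as an added example that is not part of the thread: with HashKnownHosts the first field of a line is `|1|salt|HMAC-SHA1(salt, name)`, both parts base64-encoded, so a candidate name can be tested against each line. The sample file, salts and key blobs are constructed, and the function names are hypothetical; the host name and IP address are the ones from the original question.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(host_field, candidate):
    """True if the first field of a known_hosts line names `candidate`."""
    if not host_field.startswith("|1|"):
        # Unhashed field: comma-separated names (wildcard patterns are not handled here).
        return candidate in host_field.split(",")
    try:
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:
        return False  # malformed hashed field
    expected = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, expected)

def label_entries(known_hosts_text, candidates):
    """Return (line_no, matched_name, key_type) for every line naming a candidate."""
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # blank, comment, or marker line (markers are skipped here)
        for name in candidates:
            if entry_matches(fields[0], name):
                hits.append((n, name, fields[1]))
    return hits

# Constructed sample file: fixed salts for repeatability, placeholder key blobs.
SAMPLE = "\n".join([
    hash_host("remote.host.okstate.edu", b"A" * 20) + " ssh-rsa AAAAconstructed1",
    hash_host("192.168.8.9", b"B" * 20) + " ssh-rsa AAAAconstructed1",
    hash_host("other.example.org", b"C" * 20) + " ssh-rsa AAAAconstructed2",
    "plain.example.org,203.0.113.5 ssh-dss AAAAconstructed3",
])

if __name__ == "__main__":
    for hit in label_entries(SAMPLE, ["remote.host.okstate.edu", "192.168.8.9"]):
        print(hit)
```

On a real file, `ssh-keygen -F <hostname>` performs the same lookup and `ssh-keygen -R <hostname>` removes the matching entries.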


 
