Re: How Does One force Use of DSA Keys under Linux?

2010-01-23 Thread Jim Barnes
Martin McCormick wrote:
> I recently needed to clear out some old entries from the
> .ssh/known_hosts file on a Debian system and discovered that I
> couldn't tell which system key was which because they were all
> type rsa keys instead of the type DSA keys which do contain a
> field with either the host name or its IP address.
>
> Is there a way in Linux to make ssh get the type DSA host keys?
> I presently see the following message when adding a new host to
> known_hosts:
>
> Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA)
>  to the list of known hosts.
>
> When a FreeBSD system connects to a Debian host as an
> example, it automatically knows to add the dsa host key.
>
> This is no show stopper by any means, but why is this
> happening? Thanks.
 

Not dependent on RSA vs DSA, but the value HashKnownHosts in
/etc/ssh/ssh_config

man ssh_config

HashKnownHosts
Indicates that ssh(1) should hash host names and addresses when they are
added to ~/.ssh/known_hosts.  These hashed names may be used normally by
ssh(1) and sshd(8), but they do not reveal identifying information
should the file's contents be disclosed.  The default is ``no''.  Note
that existing names and addresses in known hosts files will not be
converted automatically, but may be manually hashed using ssh-keygen(1).

HTH,
-- 
Jim Barnes


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



How Does One force Use of DSA Keys under Linux?

2010-01-22 Thread Martin McCormick
I recently needed to clear out some old entries from the
.ssh/known_hosts file on a Debian system and discovered that I
couldn't tell which system key was which because they were all
type rsa keys instead of the type DSA keys which do contain a
field with either the host name or its IP address.

Is there a way in Linux to make ssh get the type DSA host keys?
I presently see the following message when adding a new host to
known_hosts:

Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA)
 to the list of known hosts.

When a FreeBSD system connects to a Debian host as an
example, it automatically knows to add the dsa host key.

This is no show stopper by any means, but why is this
happening? Thanks.

Martin McCormick WB5AGZ  Stillwater, OK 
Systems Engineer
OSU Information Technology Department Telecommunications Services Group





Re: How Does One force Use of DSA Keys under Linux?

2010-01-22 Thread Todd A. Jacobs
On Fri, Jan 22, 2010 at 11:31:46AM -0600, Martin McCormick wrote:

> Is there a way in Linux to make ssh get the type DSA host keys? I
> presently see the following message when adding a new host to

This is actually a good question, and one to which I couldn't find an
easy answer. As far as I can tell, the solution is not to rely on the
SSH client directly; instead, one needs to use ssh-keyscan with the type
flag:

ssh-keyscan -t dsa hostname

In other words, RSA is the default, and you have to do some work to use
DSA instead. I'm not sure this is a bad thing, mind you, but it wasn't
intuitive for me, either.

-- 
Oh, look: rocks!
-- Doctor Who, Destiny of the Daleks

