Does agent forwarding work with DSA keys? I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC). If I ssh-add my RSA key into the local agent and ssh to another machine, the agent connection is forwarded properly. (I can say "ssh-add -l" and see my keys.) If I ssh-add my DSA key into the local agent and "ssh -2" to another machine, the agent connection does not forward. (Ssh-add -l can't find the agent, there is no SSH_AUTH_SOCK environment variable.) I've been rummaging in the code, and I see two sections in ssh.c where X forwarding is handled. One of the sections also handles agent forwarding. I tagged one of the debug() calls about "Requesting X11 forwarding" in order to distinguish between them at runtime. The section that does not appear to do agent forwarding is the one that gets executed when a DSA key is being used. Hmmm... I don't see other complaints like this on the list, so probably I'm doing something wrong. On the other hand, perhaps everybody but me already knows that agent forwarding doesn't quite work yet in protocol 2. :-) Can anybody point me to the path of sanity here? Thanks! Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen at boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207
How do you manage to ssh-add your dsa key? When I try that, I'm informed that it is a bad key file... -----Original Message----- From: Paul Allen [mailto:paul.l.allen at boeing.com] Sent: Friday, September 22, 2000 1:20 AM To: openssh-unix-dev at mindrot.org Subject: Agent forwarding with DSA keys? Does agent forwarding work with DSA keys? I'm using 2.2.0p1 on RedHat Linux 6.2 (Alpha) and Solaris 2.6 (SPARC). If I ssh-add my RSA key into the local agent and ssh to another machine, the agent connection is forwarded properly. (I can say "ssh-add -l" and see my keys.) If I ssh-add my DSA key into the local agent and "ssh -2" to another machine, the agent connection does not forward. (Ssh-add -l can't find the agent, there is no SSH_AUTH_SOCK environment variable.) I've been rummaging in the code, and I see two sections in ssh.c where X forwarding is handled. One of the sections also handles agent forwarding. I tagged one of the debug() calls about "Requesting X11 forwarding" in order to distinguish between them at runtime. The section that does not appear to do agent forwarding is the one that gets executed when a DSA key is being used. Hmmm... I don't see other complaints like this on the list, so probably I'm doing something wrong. On the other hand, perhaps everybody but me already knows that agent forwarding doesn't quite work yet in protocol 2. :-) Can anybody point me to the path of sanity here? Thanks! Paul Allen -- Paul L. Allen | voice: (425) 865-3297 fax: (425) 865-2964 Unix Technical Support | paul.l.allen at boeing.com Boeing Phantom Works Math & Computing Technology Site Operations, POB 3707 M/S 7L-68, Seattle, WA 98124-2207
peter> Also, would anyone know anything about a utility that is able to peter> convert ssh.com private DSA keys into PEM OpenSSL private DSA keys? markus> ssh.com's format is not documented. True. However, ssh.com-2.3.0 has added a ssh-keygen -i feature, which prints out all the parameters for a DSA public or private key. So I wrote the following quick hack to take the output of that and write out an OpenSSH private key. I should probably roll a fancier version of this into the OpenSSH ssh-keygen as -z. http://www.snailbook.com/tools/dsa-convert.c -- Richard Silverman slade at shore.net