I have been searching the archives and am confused about some points that I am hoping could be cleared up.

RSA versus DSA

I seem to see a lot of messages saying this: that DSA is slow, that DSA was added only to avoid a patent which has now expired, that RSA is the preferred authentication method, and that DSA should be avoided. Which all sounds fine to me, and I think I agree with that. Assuming this applies to both host keys and user keys, it seems that you cannot disable this for host keys when using Protocol 2. Is that required for compatibility or for some other reason?

Protocol 1 versus Protocol 2

OpenSSH 3.x defaults to Protocol 2,1. Fine. But ssh-keygen and ssh-add default to creating and using rsa1 keys, which means using Protocol 1, but using DSA host keys. I think. Which makes actually using Protocol 2 much more of an exercise for users. Is there a reason that ssh-keygen and ssh-add use rsa1 while the others use Protocol 2, which would seem to be rsa? Since they are trivial to patch so that all default to 'rsa' keys and work nicely with Protocol 2, I assume there must have been a reason that a full move to 'rsa' keys has not already happened.

I am setting up new people to use ssh and I want to get them going in a direction of least thrash from now forward. What are your recommendations?

Answers or discussion for these questions would be great additions to the FAQ or somewhere near there in the online docs. At least I could not find anything definitive, and I spent a fair amount of time searching the documentation and reading the mail archives.

Thanks
Bob
On Sun, Feb 24, 2002 at 11:24:23AM -0700, Bob Proulx wrote:
> I have been searching the archives and confused about some points that
> I am hoping could be cleared up.
>
> RSA versus DSA
>
> I seem to see a lot of messages saying this. That DSA is slow. DSA
> was added only to avoid a patent which is now expired. RSA is the
> preferred authentication method. DSA should be avoided. Which all
> sounds fine to me and I think I agree with that. Assuming this
> applies to both host keys and user keys it seems that you cannot
> disable this for host keys when using Protocol 2.

define 'disable'. you can delete the DSA host key.

> Is that required
> for compatibility or other reason?

the SSH2 'standard' defines:

    The following public key and/or certificate formats are currently defined:

        ssh-dss     REQUIRED     sign   Simple DSS
        ssh-rsa     RECOMMENDED  sign   Simple RSA

There is a large installed base of DSA keys.

> Protocol 1 versus Protocol 2
>
> OpenSSH 3.x defaults to Protocol 2,1. Fine. But ssh-keygen and
> ssh-add default to creating and using rsa1 keys, which means using
> Protocol 1, but using DSA host keys.

in OpenSSH 3.1:

    ssh-keygen will no longer have a default key type.
    ssh-add will try to add all 3 key types.

-m
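The practical question underneath this thread is which protocol a given key actually serves: an rsa1 key (the old ssh-keygen default) only works with Protocol 1, while ssh-rsa and ssh-dss keys (from ssh-keygen -t rsa / -t dsa) are Protocol 2 keys. The script below is an added example, not code from the thread or from OpenSSH. It classifies OpenSSH public-key lines (identity.pub, id_rsa.pub, id_dsa.pub, ssh_host_*_key.pub, authorized_keys) by the on-disk format OpenSSH 3.x uses: a Protocol 1 line starts with the modulus bit length and the public exponent as decimal numbers, a Protocol 2 line starts with the key type name. The sample key lines are constructed and truncated, not real key material. authorized_keys entries that carry leading options such as from="..." are not handled and are reported as unknown.

```shell
#!/bin/sh
# Added example (not from the thread or from OpenSSH): report which SSH
# protocol each public key in a file serves, so you can see whether a user
# or host has only rsa1 (Protocol 1) keys, only Protocol 2 keys, or both.
#
# OpenSSH 3.x public-key line formats:
#   Protocol 1 (rsa1): "<bits> <exponent> <modulus> [comment]"  (all decimal)
#   Protocol 2 (rsa):  "ssh-rsa <base64> [comment]"
#   Protocol 2 (dsa):  "ssh-dss <base64> [comment]"

set -f   # key material contains no glob characters; never expand them anyway

# key_protocol LINE -> prints "1 rsa1", "2 rsa", "2 dsa" or "unknown"
key_protocol() {
    set -- $1                                    # split the line into fields
    [ $# -ge 2 ] || { echo unknown; return 0; }  # blank or comment-only line
    case $1 in
        ssh-rsa) echo "2 rsa" ;;
        ssh-dss) echo "2 dsa" ;;
        [0-9]*)
            # rsa1 needs bits, exponent and modulus; the first two are integers
            case "$1$2" in
                *[!0-9]*) echo unknown ;;
                *) if [ $# -ge 3 ]; then echo "1 rsa1"; else echo unknown; fi ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# protocols_enabled FILE -> prints "1", "2", "1,2" or "none" for the keys in FILE
protocols_enabled() {
    p1=0; p2=0
    while IFS= read -r l || [ -n "$l" ]; do
        case $(key_protocol "$l") in
            1\ *) p1=1 ;;
            2\ *) p2=1 ;;
        esac
    done < "$1"
    out=
    [ "$p1" = 1 ] && out=1
    [ "$p2" = 1 ] && out="${out:+$out,}2"
    echo "${out:-none}"
}

# --- demo on constructed sample lines (truncated, not real keys) ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/authorized_keys" <<'EOF'
# Protocol 1 key as written by ssh-keygen -t rsa1 (constructed)
1024 35 13495724618306201534 bob@example
# Protocol 2 keys as written by ssh-keygen -t rsa and -t dsa (constructed)
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAconstructed bob@example
ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructed bob@example
EOF
while IFS= read -r l || [ -n "$l" ]; do
    printf '%-8s %s\n' "$(key_protocol "$l")" "$l"
done < "$demo_dir/authorized_keys"
echo "protocols enabled: $(protocols_enabled "$demo_dir/authorized_keys")"
rm -r "$demo_dir"
```

Run it against a user's authorized_keys or against the sshd HostKey files to see whether removing the rsa1 key (or, as the reply suggests, the DSA host key) would leave that account or host with no key for one of the protocols. A file that reports "1" only is a user who will silently fall back to Protocol 1 with a "Protocol 2,1" client.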