AIX

AIX

Connect with fellow AIX users and experts to gain knowledge, share insights, and solve problems.

 View Only

  • 1.  apply ssh - rsa vs dsa

    Posted Fri February 02, 2007 11:51 AM

    Originally posted by: SystemAdmin


    we have two AIX p550 with 5.3L. After review some papers, I am little confused with which type od key I should use. One paper mentions depending on the hardware token. What it is? and On p550, which should prefer?


  • 2.  Re: apply ssh - rsa vs dsa

    Posted Mon February 05, 2007 11:53 AM

    Originally posted by: SystemAdmin


    RSA keys were typically used with SSH v1, DSA is preferred in SSH v2.

    I'm not sure what you were reading, but hardware tokens can be setup so SSH will use for authentication.

    Since you are trying to use keys for authentication, have a look at Keychain, which is a handy script to help manage keys.

    http://www.gentoo.org/proj/en/keychain/

    Russell


  • 3.  Re: apply ssh - rsa vs dsa

    Posted Tue February 13, 2007 11:04 PM

    Originally posted by: SystemAdmin



    RSA, no doubt.

    DSA was created when we had export restrictions. Once those went away, RSA came back.

    OpenSSH supports two protocols and two types of keys and there are many release versions with different quirks.

    OpenSSH 2.2 supports both protocol 1 and 2 but amazingly, it only supports rsa keys in protocol 1 and dsa keys in protocol 2. It does not support rsa keys in protocol two, e.g., id_rsa keys. In addition, OpenSSH 2.2's ssh-keygen command cannot fingerprint, i.e., ssh-keygen -l, anything but rsa1 keys (rsa protocol 1), which makes keychain not be able to ssh-add anything but rsa1 keys (identity) to the ssh-agent.

    OpenSSH 3.5+ supports both rsa and dsa in protocol 2.

    I only have RSA keys and that way I don't get confused by some old sshd trying to use the wrong key with wrong protocol.

    BTW, RSA is stronger than DSA but that doesn't make much difference for the normal stuff we do.