AIX

  • 1.  apply ssh - rsa vs dsa

    Posted Fri February 02, 2007 11:51 AM

    Originally posted by: SystemAdmin


    We have two AIX p550 with 5.3L. After reviewing some papers, I am a little confused about which type of key I should use. One paper mentions it depends on the hardware token. What is it? And on the p550, which should I prefer?


  • 2.  Re: apply ssh - rsa vs dsa

    Posted Mon February 05, 2007 11:53 AM

    Originally posted by: SystemAdmin


    RSA keys were typically used with SSH v1; DSA is preferred in SSH v2.

    I'm not sure what you were reading, but hardware tokens can be set up so SSH will use them for authentication.

    Since you are trying to use keys for authentication, have a look at Keychain, which is a handy script to help manage keys.

    http://www.gentoo.org/proj/en/keychain/

    Russell


  • 3.  Re: apply ssh - rsa vs dsa

    Posted Tue February 13, 2007 11:04 PM

    Originally posted by: SystemAdmin



    RSA, no doubt.

    DSA was created when we had export restrictions. Once those went away, RSA came back.

    OpenSSH supports two protocols and two types of keys and there are many release versions with different quirks.

    OpenSSH 2.2 supports both protocol 1 and 2 but amazingly, it only supports rsa keys in protocol 1 and dsa keys in protocol 2. It does not support rsa keys in protocol two, e.g., id_rsa keys. In addition, OpenSSH 2.2's ssh-keygen command cannot fingerprint, i.e., ssh-keygen -l, anything but rsa1 keys (rsa protocol 1), which makes keychain not be able to ssh-add anything but rsa1 keys (identity) to the ssh-agent.

    OpenSSH 3.5+ supports both rsa and dsa in protocol 2.

    I only have RSA keys and that way I don't get confused by some old sshd trying to use the wrong key with wrong protocol.

    BTW, RSA is stronger than DSA but that doesn't make much difference for the normal stuff we do.
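
To see which of the three key kinds named in this thread (rsa1, protocol 2 rsa, protocol 2 dsa) a public-key line actually holds, the sketch below parses the line and reports protocol, type and key size. It is an added example, not part of the original posts; it assumes plain `.pub` lines without options, and the helper names and sample lines are constructed for illustration.

```python
import base64
import struct

def _field(data):
    return struct.pack(">I", len(data)) + data

def _mpint(value):  # SSH mpint: big-endian, leading zero byte if top bit set
    return _field(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    return fields

def classify(line):
    """Return (protocol, key_type, bits) for one public-key line."""
    parts = line.split()
    # Protocol 1 RSA (identity.pub): "<bits> <exponent> <modulus> [comment]"
    if len(parts) >= 3 and all(p.isdigit() for p in parts[:3]):
        return (1, "rsa1", int(parts[2]).bit_length())
    # Protocol 2 (id_rsa.pub / id_dsa.pub): "<type> <base64 blob> [comment]"
    expected = {"ssh-rsa": 3, "ssh-dss": 5}  # type,e,n / type,p,q,g,y
    if len(parts) < 2 or parts[0] not in expected:
        raise ValueError("unrecognised key line")
    fields = _read_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != expected[parts[0]] or fields[0] != parts[0].encode():
        raise ValueError("blob does not match its type label")
    size_field = fields[2] if parts[0] == "ssh-rsa" else fields[1]
    bits = int.from_bytes(size_field, "big").bit_length()
    return (2, "rsa" if parts[0] == "ssh-rsa" else "dsa", bits)

def _b64(*chunks):
    return base64.b64encode(b"".join(chunks)).decode()

# Constructed sample lines with toy numbers (not usable keys).
SAMPLE = [
    "1024 35 %d user@host" % ((1 << 1023) | 1),
    "ssh-rsa " + _b64(_field(b"ssh-rsa"), _mpint(65537), _mpint((1 << 2047) | 1)),
    "ssh-dss " + _b64(_field(b"ssh-dss"), _mpint((1 << 1023) | 1),
                      _mpint((1 << 159) | 1), _mpint(2), _mpint(3)),
]
```

Calling `classify()` on each line of a key file gives a quick inventory of which accounts still carry rsa1 or dsa keys.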