Subject: Re: "ssh" with SSHv2 public key buggy?
To: Frederick Bruckman <fredb@immanent.net>
From: User LAVALAMP <lavalamp@main.burghcom.com>
List: netbsd-users
Date: 10/07/2001 20:54:23

Probably just a paranoid tendency, or perhaps a bad habit. On the other
hand, I also always set ServerKeyBits to 2048, regen /etc/host_dsa_key,
set Protocol=2 in /etc/sshd.conf, and always drop "alias ssh='/usr/bin/ssh
-v -2' " into /etc/profile, then chmod 0000 /usr/bin/rsh, rlogin, etc.

Basically it keeps people from doing stupid things. Accountability I
suppose. Sometimes I think it helps me sleep better at night.

Any other opinions on DSA key bit sizes? Probably just burning cycles
though.

--lava

On Sun, 7 Oct 2001, Frederick Bruckman wrote:
> On Sat, 6 Oct 2001, Brian A. Seklecki wrote:
>
> > On the source host:
> >
> > user@host% ssh-keygen -b 2048 -P '' -t dsa
> >
> > Then copy that user's ~/.ssh/id_dsa.pub to the remote user's
> > ~/.ssh/authorized_keys2
>
> Ah, that was the clue I was looking for... I'd copied the contents of
> id_dsa.pub to authorized_keys, not authorized_keys2. Now I can add a
> key to the agent, and all is fine.
>
> Any reason why you recommend 2048 bit keys (and no passphrase)?
> ssh-keygen(1) says anything over 1024 (the default) just slows things
> down.
>
> Frederick