Subject: Re: "ssh" with SSHv2 public key buggy?
To: User LAVALAMP <lavalamp@main.burghcom.com>
From: Wojciech Puchar <wojtek@wojtek.3miasto.net>
List: netbsd-users
Date: 10/08/2001 08:19:00
>
> Probably just a paranoid tendency, or perhaps a bad habit.  On the other
> hand, I also always set ServerKeyBits to 2048, regen /etc/host_dsa_key,
> set Protocol=2 in /etc/sshd.conf, and always drop "alias ssh='/usr/bin/ssh
> -v -2' " into /etc/profile, then chmod 0000 /usr/bin/rsh, rlogin, etc.

V2 protocol is incredibly slow, even with default keysize.
I always set Protocol=1,2 in sshd.conf and ssh.conf.
>
> Basically it keeps people from doing stupid things.  Accountability I
> suppose.  Sometimes I think it helps me sleep better at night.
>
> Any other opinions on DSA key bit sizes? Probably just burning cycles
> though.
>
> --lava
>
> On Sun, 7 Oct 2001, Frederick Bruckman wrote:
>
> > On Sat, 6 Oct 2001, Brian A. Seklecki wrote:
> >
> > > On the source host:
> > >
> > > user@host% ssh-keygen -b 2048 -P '' -t dsa
> > >
> > > Then copy that user's ~/.ssh/id_dsa.pub to the remote user's
> > > ~/.ssh/authorized_keys2
> >
> > Ah, that was the clue I was looking for... I'd copied the contents of
> > id_dsa.pub to authorized_keys, not authorized_keys2. Now I can add a
> > key to the agent, and all is fine.
> >
> > Any reason why you recommend 2048 bit keys (and no passphrase)?
> > ssh-keygen(1) says anything over 1024 (the default) just slows things
> > down.
> >
> > Frederick
> >
> >
> >
>