Probably just a paranoid tendency, or perhaps a bad habbit.  On the other
hand, I also always set ServerKeyBits to 2048, regen /etc/host_dsa_key,
set Protocol=2 in /etc/sshd.conf, and alway drop "alias ssh='/usr/bin/ssh
-v -2' " into /etc/profile, then chmod 0000 /usr/bin/rsh, rlogin, etc.

Basically it keeps people from doing stupid things.  Accountability I
suppose.  Sometimes I think it helps me sleep better at night.

Any other opinions on DSA key bit sizes? Probably just burning cycles
though.

--lava

On Sun, 7 Oct 2001, Frederick Bruckman wrote:

> On Sat, 6 Oct 2001, Brian A. Seklecki wrote:
>
> > On the source host:
> >
> > user@host% ssh-keygen -b 2048 -P '' -t dsa
> >
> > Then copy that user's ~/.ssh/id_dsa.pub to the remote users's
> > ~/.ssh/authorized_keys2
>
> Ah, that was the clue I was looking for... I'd copied the contents of
> id_dsa.pub to authorized_keys, not authorized_keys2. Now I can add a
> key to the agent, and all is fine.
>
> Any reason why you recommend 2048 bit keys (and no passphrase)?
> ssh-keygen(1) says anything over 1024 (the default) just slows things
> down.
>
> Frederick
>
>
>