From: Chuck Swiger
Date: Tue, 5 Jun 2007 13:49:39 -0700
To: Martin McCormick
Cc: freebsd-questions@freebsd.org
Subject: Re: Can a Cisco Device use RSA authentication for SSH

On Jun 5, 2007, at 12:46 PM, Martin McCormick wrote:
> A person in our group is trying to scp files from a Cisco IOS
> device to a FreeBSD work station. The Cisco box uses an RSA key
> and sshd on the FreeBSD system won't recognize the algorithm.
> The error message on the Cisco side of things looks like:
>
> 000039: Jun 5 14:13:59.623 CDT: SSH2 0: hostkey algo not
> supported:
> client ssh-rsa, server ssh-dss
>
> Is there a safe way to make this work?

I'd imagine that you can use ssh-keygen to generate a replacement RSA1 or RSA2 host key rather than a DSA key:

    /usr/bin/ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''

...or "-t rsa" for a protocol-2 RSA key, if the Cisco can deal with those.

-- 
-Chuck
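
An added example, not part of the original thread: a small POSIX shell diagnosis of the host key mismatch in the quoted log line, which reports the protocol-2 host key the server would need. The function names are hypothetical, the list format after "client"/"server" is assumed from that one log line, and /etc/ssh/ssh_host_rsa_key is OpenSSH's default path.

```sh
#!/bin/sh
# Constructed sample input, modeled on the debug line in the quoted question.
SAMPLE='000039: Jun 5 14:13:59.623 CDT: SSH2 0: hostkey algo not supported: client ssh-rsa, server ssh-dss'

# offered SIDE LINE: print the host key algorithms one side offered, one per line.
# Assumption: the list is comma-separated and follows the word "client" or "server".
offered() {
    printf '%s\n' "$2" |
        sed -n "s/.*$1 \([^ ]*\).*/\1/p" |
        tr ',' '\n' | sed '/^$/d'
}

# negotiate LINE: print the first algorithm on the client's list that the
# server also offers (the selection rule of RFC 4253 section 7.1, simplified).
# Returns 1 when the two lists have nothing in common.
negotiate() {
    for algo in $(offered client "$1"); do
        if offered server "$1" | grep -qxF -- "$algo"; then
            printf '%s\n' "$algo"
            return 0
        fi
    done
    return 1
}

# keygen_for ALGO: print the command that creates the matching protocol-2
# host key for sshd. Only ssh-rsa is mapped here.
keygen_for() {
    case "$1" in
        ssh-rsa) echo "ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''" ;;
        *) return 1 ;;
    esac
}

# diagnose LINE: report the agreed algorithm, or the key the server lacks.
diagnose() {
    if agreed=$(negotiate "$1"); then
        echo "ok: both sides agree on $agreed"
        return 0
    fi
    for want in $(offered client "$1"); do
        keygen_for "$want" && return 0
    done
    echo "no mapped host key type in the client's list" >&2
    return 1
}

diagnose "$SAMPLE"
```

After creating the key, sshd has to be restarted so that it loads the new host key and offers ssh-rsa.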