Date: Thu, 10 Aug 2000 10:16:12 +1000 From: Nick Slager <nicks@albury.net.au> To: Forrest Aldrich <forrie@forrie.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Proper handling of OpenSSH Message-ID: <20000810101612.A51148@albury.net.au> In-Reply-To: <4.3.2.7.2.20000809160042.00c7f600@64.20.73.233>; from forrie@forrie.com on Wed, Aug 09, 2000 at 04:02:26PM -0400 References: <4.3.2.7.2.20000809160042.00c7f600@64.20.73.233>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Forrest Aldrich (forrie@forrie.com): > The default installation of 4.1 has OpenSSH, and you need to manually > run ssh-keygen to generate an RSA key. Fine. > > But it prefers a DSA key when it starts up -- and it's not clear to > me, even after reading the ssh-keygen manpage, just how this is done. > When you provide an arg to the prompt using -X or -x it complains the > line is too long. > > Seems like there might be a better way, upon installation, to > accomplish some of this? I'm not too sure what you mean. If you want to generate a DSA key for a host, try this as root [taken from my /etc/rc.network]: # /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key A similar command line would work for generating your personal DSA key, although you would probably want to put a pass phrase on your key. If you want the ssh client to prefer DSA over RSA encryption, make sure you have the line: Protocol 2,1 in /etc/ssh/ssh_config, or your personal copy of that file in ~/.ssh. HTH, Nick. in -- From a Sun Microsystems bug report (#4102680): "Workaround: don't pound on the mouse like a wild monkey." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000810101612.A51148>