From owner-freebsd-questions  Thu Jun 29 13:52:29 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from ptavv.es.net (ptavv.es.net [198.128.4.29])
	by hub.freebsd.org (Postfix) with ESMTP id 6360A37C145
	for <freebsd-questions@FreeBSD.ORG>; Thu, 29 Jun 2000 13:52:22 -0700 (PDT)
	(envelope-from oberman@ptavv.es.net)
Received: from ptavv.es.net (localhost [127.0.0.1])
	by ptavv.es.net (8.10.1/8.10.1) with ESMTP id e5TKqDn08850;
	Thu, 29 Jun 2000 13:52:13 -0700 (PDT)
Message-Id: <200006292052.e5TKqDn08850@ptavv.es.net>
To: Forrest Aldrich <forrie@forrie.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Changes in OpenSSH on FreeBSd 
In-reply-to: Your message of "Thu, 29 Jun 2000 14:05:55 EDT."
             <4.3.2.7.2.20000629140433.00bfbd60@64.20.73.233> 
Date: Thu, 29 Jun 2000 13:52:13 -0700
From: "Kevin Oberman" <oberman@es.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Date: Thu, 29 Jun 2000 14:05:55 -0400
> From: Forrest Aldrich <forrie@forrie.com>
> Sender: owner-freebsd-questions@FreeBSD.ORG
> 

> With the new support for SSH2 in OpenSSH, we noticed the error
> message about DSA (ie: reverting to protocol version 1 due to the
> absense of ssh_host_dsa_key or whatever).  The manpages don't appear
> to address just how we're supposed to GET that key there to begin
> with.  ssh-keygen doesn't have an option for DSA keys.

Could you please wrap your lines at <78 characters!

I think you may have a conflict between the old ssh/openssh ports in
/usr/local/man and the new stuff in /usr/man. My man pages are pretty
clear that you use the -d option on ssh-keygen to make a DSA key.

DESCRIPTION
     ssh-keygen generates and manages authentication keys for ssh(1).  ssh-
     keygen defaults to generating an RSA key for use by protocols 1.3 and
     1.5; specifying the -d flag will create a DSA key instead for use by pro-
     tocol 2.0.

% ssh-keygen -d -P "" -f ssh_host_dsa_key
did the trick for me.

The residue from prior installations of ssh1, ssh2, or openssh can
cause great confusion.

I think UPDATING might need a note that you should delete any of those
packages prior to an installworld.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message