sshd appears to be broken when both host rsa and dsa key file present
Jordan Gordeev
jgordeev at dir.bg
Mon Jan 26 09:27:23 PST 2009
Simon 'corecode' Schubert wrote:
Matthew Dillon wrote:
:Would there really be any reason to change it back. I assume they changed RSA
:to being the default is because the patent is expired. Also, according to my
:notes,
:
: RSA is preferable in most cases, since DSA is slower
: and cannot encrypt in and of itself (DSA is a signing
: algorithm only). RSA can be used to encrypt files.
Yes, because ssh will unexpectedly stop working in automated scripts
if we change the default as the related keys will not be in the
known_hosts file.
The real question for me is, why is the server only offering one key or why is the client not checking for the DSA key it already knows?
Configure your client to prefer the other algorithm and run it against a
known server with as many -v options as appropriate.
Read the debug output and the message that ssh displays.
cheers
simon
More information about the Bugs
mailing list