From owner-freebsd-questions Wed Aug 9 17:16:40 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from giroc.albury.net.au (giroc.albury.NET.AU [203.15.244.13]) by hub.freebsd.org (Postfix) with ESMTP id B387A37B89E for ; Wed, 9 Aug 2000 17:16:29 -0700 (PDT) (envelope-from nicks@giroc.albury.net.au)
Received: (from nicks@localhost) by giroc.albury.net.au (8.9.3/8.9.3) id KAA61826; Thu, 10 Aug 2000 10:16:12 +1000 (EST)
Date: Thu, 10 Aug 2000 10:16:12 +1000
From: Nick Slager
To: Forrest Aldrich
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Proper handling of OpenSSH
Message-ID: <20000810101612.A51148@albury.net.au>
References: <4.3.2.7.2.20000809160042.00c7f600@64.20.73.233>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20000809160042.00c7f600@64.20.73.233>; from forrie@forrie.com on Wed, Aug 09, 2000 at 04:02:26PM -0400
X-Homer: Whoohooooooo!
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Thus spake Forrest Aldrich (forrie@forrie.com):

> The default installation of 4.1 has OpenSSH, and you need to manually
> run ssh-keygen to generate an RSA key. Fine.
>
> But it prefers a DSA key when it starts up -- and it's not clear to
> me, even after reading the ssh-keygen manpage, just how this is done.
> When you provide an arg to the prompt using -X or -x it complains the
> line is too long.
>
> Seems like there might be a better way, upon installation, to
> accomplish some of this?

I'm not too sure what you mean. If you want to generate a DSA key for a
host, try this as root [taken from my /etc/rc.network]:

    # /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key

A similar command line would work for generating your personal DSA key,
although you would probably want to put a pass phrase on your key.

If you want the ssh client to prefer DSA over RSA encryption, make sure
you have the line:

    Protocol 2,1

in /etc/ssh/ssh_config, or your personal copy of that file in ~/.ssh.

HTH,

Nick.

-- 
From a Sun Microsystems bug report (#4102680):
"Workaround: don't pound on the mouse like a wild monkey."
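
An added example, not part of the original message: a shell check that reports which Protocol value a client would use for a given host, and whether fallback to protocol 1 is still permitted. It assumes the first-obtained-value rule from ssh_config(5) with the per-user file read before the system-wide one; the function names, file names and host names are constructed for the illustration.

```shell
#!/bin/sh
# effective_protocol HOST FILE...
# Print the first Protocol value that applies to HOST. Files are read in the
# order given (per-user file first, then system-wide); the first value wins.
# Simplifications: "Keyword value" form only, no negated (!) Host patterns.
effective_protocol() {
    host=$1; shift
    for file in "$@"; do
        [ -r "$file" ] || continue
        active=1    # lines before the first Host line apply to every host
        while read -r key args || [ -n "$key" ]; do
            case $key in ''|'#'*) continue ;; esac
            key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')   # keywords are case-insensitive
            case $key in
            host)
                active=0
                set -f      # stop the shell expanding * against file names
                for pat in $args; do
                    case $host in $pat) active=1 ;; esac
                done
                set +f
                ;;
            protocol)
                if [ "$active" -eq 1 ]; then
                    printf '%s\n' "$args"
                    return 0
                fi
                ;;
            esac
        done < "$file"
    done
    return 1
}

# protocol_allows_v1 VALUE: succeed if the comma list still permits protocol 1.
protocol_allows_v1() {
    case ",$1," in *,1,*) return 0 ;; esac
    return 1
}

# Constructed sample files, not taken from the post.
tmp=$(mktemp -d)
printf '%s\n' 'Host legacy-*' '    Protocol 1' 'Host *' '    Protocol 2,1' > "$tmp/user_config"
printf '%s\n' 'Protocol 2' > "$tmp/system_config"
for h in legacy-router www.example.org; do
    v=$(effective_protocol "$h" "$tmp/user_config" "$tmp/system_config")
    if protocol_allows_v1 "$v"; then note='protocol 1 still permitted'; else note='protocol 2 only'; fi
    printf '%s: Protocol %s (%s)\n' "$h" "$v" "$note"
done
```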