Solaris 9 ssh authentication options

Solaris 9 ssh authentication options

Post by Rich Tee » Wed, 23 Oct 2002 09:42:31



Hi all,

Assuming the use of SSHv2 (OpenSSH or Solaris SSH), what
encryption method is "better" rsa or dsa (presumably, rsa1
should be avoided) for use with public keys?

Compatibilty with SSHv1.5 protocol is not a requirement.

Judging by the length of the public key files, dsa would be
prefered, although rsa has a longer private key (but much
shorter public key).  Anyways, I thought I'd see what the
consensus of opinion was here.

Thanks,

--
Rich Teer

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

 
 
 

Solaris 9 ssh authentication options

Post by Anthony Mandi » Wed, 23 Oct 2002 20:25:31



> Assuming the use of SSHv2 (OpenSSH or Solaris SSH), what
> encryption method is "better" rsa or dsa (presumably, rsa1
> should be avoided) for use with public keys?

> Compatibilty with SSHv1.5 protocol is not a requirement.

> Judging by the length of the public key files, dsa would be
> prefered, although rsa has a longer private key (but much
> shorter public key).

        That shouldn't matter. The two prime factors used multiple
        to one larger number. Obviously having two longer ones would
        result in a longer number that is harder to factor.

Quote:> Anyways, I thought I'd see what the consensus of opinion was here.

        The issues is how many bits - 40, 128, 1K or whatever?

-am     ? 2002

 
 
 

Solaris 9 ssh authentication options

Post by Bitt Faul » Wed, 23 Oct 2002 22:04:51



> Assuming the use of SSHv2 (OpenSSH or Solaris SSH), what
> encryption method is "better" rsa or dsa (presumably, rsa1
> should be avoided) for use with public keys?

IANACryptographer, however:

It is my understanding that DSA contains a problem whereby poorly
generated DSA keys and signatures can give away the private key.

<http://download.baltimore.com/keytools/docs/v50/crypto/
        c-docs/html/cryptocdevguide-12.3.html>

Supposedly, it's easily possible to avoid this type of poorly generated
key, but I don't trust it nonetheless.

--
Bitt Faulk

 
 
 

Solaris 9 ssh authentication options

Post by Rich Tee » Thu, 24 Oct 2002 01:00:53



Quote:> It is my understanding that DSA contains a problem whereby poorly
> generated DSA keys and signatures can give away the private key.

> <http://download.baltimore.com/keytools/docs/v50/crypto/
>         c-docs/html/cryptocdevguide-12.3.html>

> Supposedly, it's easily possible to avoid this type of poorly generated
> key, but I don't trust it nonetheless.

Hmm, that might explain why rsa is the first mechanism tried.

Thanks,

--
Rich Teer

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

 
 
 

1. SSH Remote access Always getting: Disconnected; authentication error (No further authentication methods available).

2 computers (ip: x.225 (linuxserver) and x.226 (radam))

Both i have installed the ssh-2.0.13
Both i run the sshd.

I have followed the Quickstart on both:
generating keys
created identification file
copied the pub keys of each other (x.226 and x.225 computers)
created authorization file

But after that i always get the above error back when i connect to a remote
computer
(from x.225)


Disconnected; authentication error (No further authentication methods
available).

But when i connect to the local host (x.225) then it works:


Accepting host 192.168.0.225 key without checking.
johan's password:
Last login: Wed Mar 15 2000 15:13:07 +0100
No mail.

What i am doing wrong?

greetings
johan

2. Is there any web site that i can download a sun unix 2.7 for pc boot disk?

3. F-Secure SSH Client (Win) cannot connect to Solaris 9 SSH

4. adaptec SCSI & removeable disk

5. can ssh-agent work between ssh-2.3 and ssh-3.5

6. Need menu for logins.

7. SSH authentication failed - why?

8. NIS question

9. Ssh newbie question: publickey authentication method fails

10. ssh login with rsa/dsa authentication

11. ssh authentication

12. ssh and xdm : authentication not working

13. SSH authentication ?