[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: db.debian.org/password.html : Why ~/.ssh/id_dsa.pub to setup OpenSSH for RSA



Osamu Aoki wrote:
> Hi,
> 
> Recent openssl issue lead me to http://db.debian.org/password.html and
> made me wonder why script example uses DSA key while main text only
> talks about RSA key.

The text talks about RSA keys as they are preferred over DSA keys.

> | Alternatively, you can do without a password and use PGP to manipulate your
> | LDAP information through the mail gateway and use SSH RSA Authentication to
> | access the servers. To setup OpenSSH for RSA you need to first generate a
> | private RSA key using ssh-keygen and select a good passphrase for it. Then send
> | the public portion of the key to the LDAP directory:
> | 
> | gpg --clearsign < ~/.ssh/id_dsa.pub | mail change@db.debian.org
> | 
> | NB: Only version 2 RSA keys are accepted. Version 1 RSA keys (i.e. identity.pub
> | files) will not work.
> 
> 
> If main text is s/RSA/RSA\/DSA/g , I understand script example but ...
> 
> Is there any reason to use DSA key insted of RSA key(~/.ssh/id_rsa.pub) ?

On the contrary, it's better to use RSA keys as they can be bigger and
are faster.

Cheers

Luk


Reply to: