Re: How Does One force Use of DSA Keys under Linux?
Martin McCormick wrote:
> I recently needed to clear out some old entries from the
> .ssh/known_hosts file on a Debian system and discovered that I
> couldn't tell which system key was which because they were all
> type rsa keys instead of the type DSA keys which do contain a
> field with either the host name or its IP address.
>
> Is there a way in Linux to make ssh get the type DSA host keys?
> I presently see the following message when adding a new host to
> known_hosts:
>
> Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA)
> to the list of known hosts.
>
> When a FreeBSD system connects to a Debian host as an
> example, it automatically knows to add the dsa host key.
>
> This is no show stopper by any means, but why is this
> happening? Thanks.
>
Not dependent on RSA vs DSA, but the value HashKnownHosts in
/etc/ssh/ssh_config
man ssh_config
HashKnownHosts
Indicates that ssh(1) should hash host names and addresses when they are
added to ~/.ssh/known_hosts. These hashed names may be used normally by
ssh(1) and sshd(8), but they do not reveal identifying information
should the file's contents be disclosed. The default is ``no''. Note
that existing names and addresses in known hosts files will not be
converted automatically, but may be manually hashed using ssh-keygen(1).
HTH,
--
Jim Barnes
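
Added example, not part of the original messages: a Python sketch that finds which known_hosts lines belong to a given host when HashKnownHosts is on. It assumes OpenSSH's hashed field format `|1|base64(salt)|base64(HMAC-SHA1(salt, name))`; the salts, key blobs and the plain-text host in the sample are constructed, and only exact names are matched (no wildcards or `[host]:port` forms).

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(host_field, candidate):
    """True if a known_hosts host field (hashed or plain) names `candidate`."""
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            mac = base64.b64decode(mac_b64, validate=True)
        except ValueError:          # malformed field: treat as no match
            return False
        expected = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    # Unhashed entries carry a comma-separated list of names and addresses.
    return candidate in host_field.split(",")

def identify(known_hosts_text, candidates):
    """Return (line_number, matched_name, key_type) for each line naming a candidate."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):   # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        for name in candidates:
            if entry_matches(fields[0], name):
                hits.append((lineno, name, fields[1]))
    return hits

# Constructed sample file: two hashed lines for the host in the thread, one plain line.
SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    hash_host("remote.host.okstate.edu", bytes(range(20))) + " ssh-rsa AAAAconstructedkey1",
    hash_host("192.168.8.9", bytes(range(20, 40))) + " ssh-rsa AAAAconstructedkey1",
    "plain.example.org,203.0.113.7 ssh-rsa AAAAconstructedkey2",
])

if __name__ == "__main__":
    for hit in identify(SAMPLE, ["remote.host.okstate.edu", "192.168.8.9"]):
        print(hit)
```

On a real system, `ssh-keygen -F hostname` performs this lookup (hashed entries included) and `ssh-keygen -R hostname` removes the matching keys.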