DragonFly bugs List (threaded) for 2009-01
DragonFly BSD
DragonFly bugs List (threaded) for 2009-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: sshd appears to be broken when both host rsa and dsa key file present


From: Jordan Gordeev <jgordeev@xxxxxx>
Date: Mon, 26 Jan 2009 19:00:05 +0200

Matthew Dillon wrote:

:Would there really be any reason to change it back.  I assume they changed RSA
:to being the default is because the patent is expired.  Also, according to my
:notes,
:
:    RSA is preferable in most cases, since DSA is slower
:    and cannot encrypt in and of itself (DSA is a signing
:    algorithm only).  RSA can be used to encrypt files.

Yes, because ssh will unexpectedly stop working in automated scripts
if we change the default as the related keys will not be in the known_hosts file.


-Matt
Matthew Dillon <dillon@backplane.com>


The change has already been made in the development version. Time has passed. Any automated scripts that could break should have done it by now.
We can keep the current order and put a big note in the release notes for DragonFly 2.2.
I believe that RSA is preferred to DSA as DSA is limited to 1024-bit keys, while RSA key size is more or less unlimited.





[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]