Re: dsa vers rsa ssh key

["Jason M. Leonard" <fuzz@xxxxxxxxxxxxx>]

On Mon, 4 Apr 2005, Terry Tree wrote:

> On Apr 3, 2005 6:42 PM, Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx> wrote:
> > :
> > :I'm looking at trying to use keys for my ssh logins instead of
> > :passwords but I'm unaware of which key type is the best.  What type do
> > :you guys typically use ?
> >
> >     Both work fairly well but DSA keys are considered to be more
> >     contemporary.   ssh-keygen -t dsa.
>
> Thanks.  Is it also possible to have more than one set of keys per
> user ?  I'm wanting to have a set of keys for my personal machines and
> a set of keys for my work machines.  When I try to place two keys
> inside the id_dsa file I can no longer login to any of the machines
> which I've setup the authorized_keys file on.

An ssh identity file (such as id_dsa) contains a single key.

Why do you want to do this?  You're pretty sure you are you, right?  And 
you're pretty sure you should be allowed to access both sets of machines, 
right?  If what you want to accomplish is to allow other users to access 
your work machines, make additional entries for their public keys in the 
target host's authorized_keys file.

If you really want to do it the way you describe, the easiest way is to 
use RSA keys for one (id_rsa) and DSA keys for the other (id_dsa)--ssh 
will do the right thing with no additional options.  To get fancier, see 
the -i option in the man page.


:Fuzz