
Re: Need help in SSH

by tobyink (Abbot)
on Jun 28, 2012 at 10:11 UTC

in reply to Need help in SSH

DSA is defined by a standard called FIPS 186. There have been four versions of this standard, each of which placed different requirements on the key length:

  • FIPS 186: allowed keys to be any multiple of 64 bits between 512 and 1024
  • FIPS 186-1: ???
  • FIPS 186-2: requires keys to be always 1024 bits
  • FIPS 186-3: allows keys to be 1024, 2048 or 3072 bits

Current versions of OpenSSH only allow you to use 1024 bit keys because 1024 is the only size that is allowed by all versions of the standard. Older versions (about 5 years ago or so) allowed other sizes.

You may be able to generate keys of other lengths using OpenSSL (I've not tried), but it's unlikely you'd be able to use them in SSH. You definitely can generate keys of different lengths using Crypt::DSA, but again it's unlikely you'd be able to use them for SSH purposes.

RSA keys allow you a greater variety of key sizes.

perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
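An added example, not part of the post above: it reads the size of a DSA key from an `ssh-dss` public key line (the format of an `id_dsa.pub` file) and reports which FIPS 186 revisions, as listed in the post, permit that size. The function names are hypothetical, and the sample lines are constructed to have the right shape and size; they are not usable keys.

```python
import base64

# Key lengths per FIPS 186 revision, as listed in the post above
# (the post gives no figure for FIPS 186-1, so it is left out).
ALLOWED = {
    "FIPS 186": lambda n: 512 <= n <= 1024 and n % 64 == 0,
    "FIPS 186-2": lambda n: n == 1024,
    "FIPS 186-3": lambda n: n in (1024, 2048, 3072),
}

def _fields(blob):
    """Yield the length-prefixed fields of an SSH public key blob (RFC 4253)."""
    off = 0
    while off < len(blob):
        n = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + n > len(blob):  # also catches a truncated length prefix
            raise ValueError("truncated field")
        yield blob[off:off + n]
        off += n

def dsa_key_bits(pubkey_line):
    """Return the bit length of p for an 'ssh-dss' line, or None for other key types."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-dss":
        return None
    fields = list(_fields(base64.b64decode(parts[1])))
    if len(fields) != 5 or fields[0] != b"ssh-dss":
        raise ValueError("not a well-formed ssh-dss blob")
    return int.from_bytes(fields[1], "big").bit_length()  # fields: type, p, q, g, y

def standards_allowing(bits):
    """Names of the revisions in ALLOWED that permit a key of this size."""
    return [name for name, ok in ALLOWED.items() if ok(bits)]

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0 keeps it positive
    return len(raw).to_bytes(4, "big") + raw

def sample_line(bits):
    """Constructed test input: right shape and size, NOT a usable DSA key."""
    p, q, g, y = (1 << (bits - 1)) | 1, (1 << 159) | 1, 2, 3
    blob = (7).to_bytes(4, "big") + b"ssh-dss" + b"".join(_mpint(v) for v in (p, q, g, y))
    return "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for bits in (768, 1024, 2048):
        n = dsa_key_bits(sample_line(bits))
        print(n, "bit DSA key; allowed by:", ", ".join(standards_allowing(n)) or "none")
```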

Replies are listed 'Best First'.
Re^2: Need help in SSH
by Anonymous Monk on Jun 28, 2012 at 10:18 UTC
    Thanks tobyink, but I updated my OpenSSH to the latest one, i.e. 6.0, and OpenSSL is also compatible with that. My Ubuntu version is a bit old, i.e. 10.10. Could this be the culprit? But again, it's not very much related to that error... right?

      Please read my answer again.

      Upgrading to a newer version of OpenSSL will not help you generate a 2048 bit DSA key. If you want a 2048 bit DSA key, then you need to downgrade to a very old version. (Or use something else to generate it - in which case it's unlikely SSH will accept it.)

      perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
        Can't we upgrade from FIPS-2 to FIPS-3??
