Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Re: Need help in SSH

by tobyink (Abbot)
on Jun 28, 2012 at 10:11 UTC ( #978876=note: print w/ replies, xml ) Need Help??


in reply to Need help in SSH

DSA is defined by a standard called FIPS 186. There have been four versions of this standard, each of which placed different requirements on the key length:

  • FIPS 186: allowed keys to be any multiple of 64 bits between 512 and 1024
  • FIPS 186-1: ???
  • FIPS 186-2: requires keys to be always 1024 bits
  • FIPS 186-3: allows keys to be 1024, 2048 or 3072 bits

Current versions of OpenSSH only allow you to use 1024 bit keys because 1024 is the only size that is allowed by all versions of the standard. Older versions (about 5 years ago or so) allowed other sizes.

You may be able to generate keys of other lengths using OpenSSL (I've not tried), but it's unlikely you'd be able to use them in SSH. You definitely can generate keys of different lengths using Crypt::DSA, but again it's unlikely you'd be able to use them for SSH purposes.

RSA keys allow you a greater variety of key sizes.

perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'


Comment on Re: Need help in SSH
Re^2: Need help in SSH
by Anonymous Monk on Jun 28, 2012 at 10:18 UTC
    thanks tobyink, but i updated my openSSH to the latest one i.e. 6.0 and openSSSl is also compatible with that. My ubuntu version is bit old i.e. 10.10. Is this could be the culprit? But again it 's not very much related with that error............right?

      Please read my answer again.

      Upgrading to a newer version of OpenSSL will not help you generate a 2048 bit DSA key. If you want a 2048 bit DSA key, then you need to downgrade to a very old version. (Or use something else to generate it - in which case it's unlikely SSH will accept it.)

      perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'
        Can't we upgrade from FIPS-2 to FIPS-3??

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://978876]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others taking refuge in the Monastery: (6)
As of 2014-12-22 03:03 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (110 votes), past polls