howto:
1) generate server key:
- $ umask 077
- $ openssl dsaparam 1024 -out dsa1024.pem
- $ openssl gendsa -out /etc/ssh_dsa_key dsa1024.pem -rand /dev/arandom
+ $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
2) enable ssh2:
server: add 'Protocol 2,1' to /etc/sshd_config
client: ssh -o 'Protocol 2,1', or add to .ssh/config
+ 3) interop w/ ssh.com dsa-keys:
+ ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
+ and vice versa
+ ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
+ echo Key mykey.pub >> ~/.ssh2/authorization
works:
secsh-transport: works w/o rekey
key database in ~/.ssh/known_hosts with bits == 0 hack
dss: signature works, keygen w/ openssl
client interops w/ sshd2, lshd
- server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT
+ server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0
server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
todo:
re-keying