ssh-keygen between SuSE and FreeBSD

Gavin Spomer spomerg at cwu.EDU
Thu Aug 14 17:41:21 UTC 2008

>>> Ronald Klop <ronald-freebsd8 at> 08/14/08 10:34 AM >>>
> >> I'm not quite sure right now why you're using rsa keys. I'm always using
> >> dsa keys (ssh-keygen -t dsa). It comes to my mind, that rsa keys are for
> >> ssh version 1, while dsa keys are for ssh version 2.
> >> But I could be wrong here ;)
> >> No man ssh handy right now, sorry.
> >
> > If that's true, then I believe I will start using the dsa ones! I think  
> > I chose rsa because the FreeBSD manual indicated I could use either and  
> > I could only find settings for enabling rsa in sshd_config on the remote  
> > servers, but I'll look again...
> This story about rsa and dsa is not true.
> Rsa wasn't free (patents or something else) until a few years ago. So  
> everybody used dsa. But since quite some time it doesn't matter what you  
> use. I don't know about advantages of one above the other. In daily use  
> they are the same.
> Ronald.

Thanks for more info. Maybe some people think that because of the following lines in sshd.config?

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_dsa_key

Although the 2nd line *doesn't* read "#HostKey /etc/ssh/ssh_host_rsa_key", maybe people are associating dsa with protocol 2 because of the 3rd and 4th lines?

More information about the freebsd-stable mailing list