2

For testing purposes, I would like to enable DSA authentication on my server (let's name it A). If I remove all the key pairs located under /etc/ssh, both RSA and DSA key pairs are generated on sshd restart.

The consequence is that, if I try to open an SSH connection from a server B to this server A, the following message is displayed:

The authenticity of host '...' can't be established. RSA key fingerprint is ... Are you sure you want to continue connecting (yes/no)? 

Do you know a way to disable the RSA authentication so that my server B uses DSA to authenticate on server A?

4
  • What versions of ssh client and ssh server are you using? Commented Nov 4, 2015 at 11:33
  • @AlexHolst Both servers use OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 with protocol SSH 2. Commented Nov 4, 2015 at 13:35
  • Are you quite sure you want to use DSA? The rest of the world has largely abandoned it, and for good reasons. Commented Nov 4, 2015 at 17:39
  • @MichaelHampton I know. As I said, this is for testing purposes. I manage a Java application which connects interactively to remote network equipment. Most of those use RSA, but unfortunately we have figured out that a few of them still use DSA. Thus, to make my application compatible with that equipment, I have to use DSA on one of my pieces of test equipment so that I can test my modifications. Commented Nov 5, 2015 at 10:55

1 Answer

1

If I remove all the key pairs located under /etc/ssh, both RSA and DSA key pairs are generated on sshd restart.

If you are using CentOS/RHEL/Fedora, we generate missing keys automatically, based on the content of the file /etc/sysconfig/sshd, where you should specify it if you don't want some of the keys to be generated.

Do you know a way to disable the RSA authentication so that my server B uses DSA to authenticate on server A?

If you want your server to use only DSA keys, you should change your /etc/ssh/sshd_config and add HostKey /etc/ssh/ssh_host_dsa_key (and remove the lines specifying the other keys if you have such).

1
  • Perfect. I used ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key to generate the DSA key manually and now it works as expected. Thank you. Commented Nov 4, 2015 at 14:22
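
The change the answer describes, as an added shell example that is not part of the original post: it leaves /etc/ssh/ssh_host_dsa_key as the only active HostKey in an sshd_config and comments out the others. The function names and the sample config are constructed for illustration; the DSA line is placed before any Match block because HostKey is a global keyword.

```shell
#!/bin/sh
# Added example (not from the original post). Key path as named in the answer.
DSA_KEY=/etc/ssh/ssh_host_dsa_key

# Print the key files enabled by uncommented HostKey lines in config $1.
# sshd keywords are case-insensitive, so compare the lower-cased keyword.
active_hostkeys() {
    awk 'tolower($1) == "hostkey" { print $2 }' "$1"
}

# Write to stdout a copy of config $1 where the DSA HostKey line appears
# exactly once and every other active HostKey line is commented out.
dsa_only_config() {
    awk -v key="$DSA_KEY" '
    function emit_dsa() { if (!done) { print "HostKey " key; done = 1 } }
    tolower($1) == "hostkey" {
        emit_dsa()                      # DSA line takes the first HostKey slot
        if ($2 != key) print "#" $0     # keep other keys as comments
        next
    }
    tolower($1) == "match" { emit_dsa() }   # never append inside a Match block
    { print }
    END { emit_dsa() }
    ' "$1"
}

# Rewrite config $1 in place, keeping the previous version as $1.bak.
apply_dsa_only() {
    cp -p "$1" "$1.bak" && dsa_only_config "$1.bak" > "$1"
}

# Constructed sample config used to exercise the functions above.
sample_config() {
    cat <<'EOF'
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_key
hostkey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
PasswordAuthentication yes
Match User test
    X11Forwarding no
EOF
}
```

Run `sshd -t` after applying the change to validate the config before restarting sshd. OpenSSH 7.0 and later disable ssh-dss by default, so a newer client needs ssh-dss added to its HostKeyAlgorithms to accept the DSA host key.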
