[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SecurityPortal re: Attacks on SSH and SSL

On Thu, Dec 21, 2000 at 03:32:17AM +0000, Jim Breton wrote:
> On Mon, Dec 18, 2000 at 06:07:33PM +0000, Lars Hecking wrote:
> >  
> >  On a related note, is it possible (or does it actually make sense) to
> >  generate a fingerprint for a DSA host key?
> >  
> > $ ssh-keygen -l -f /etc/ssh_host_dsa_key
> > /etc/ssh_host_dsa_key is not a valid key file.
> Does anyone know how to check the fingerprint of a DSA key?  I noticed
> this too, Lars beat me to the post though.  ;)  This is definitely an
> important matter, unless I'm missing something.

Well, if you look at ssh-keygen.c, there is the little comment,

        /* XXX RSA1 only */

Which may be a clue. It does not look like it is supported. Not sure
why at a quick glance... the key_fingerprint() call seems to work on

Crist J. Clark                           cjclark_(_at_)_alum_(_dot_)_mit_(_dot_)_edu

Visit your host, monkey.org