Wednesday, July 21, 2010

RAC User Equivalence - RSA and DSA

Why use both RSA and DSA when configuring SSH for user equivalence?

There are two versions of the SSH protocol; version 1 uses RSA and version 2 uses DSA, so we will create both types of keys to ensure that SSH can use either version. The ssh-keygen program will generate public and private keys of either type depending upon the parameters passed to it.

Most SSH clients support both SSH protocols (SSH1 and SSH2). SSH2 is regarded as the more secure protocol, so many users make sure it is tried first, before any connection using SSH1 is attempted; if the remote server doesn't support the primary protocol selection, the client can fall back to the other. It is highly recommended that users configure their clients to use the SSH2 protocol for the first connection attempt.

* The SSH1 protocol supports RSA keys.
* The SSH2 protocol supports RSA and DSA keys.

To make sure that the connection succeeds, we use both RSA and DSA when configuring SSH for user equivalence.

Usage for RSA:

ssh-keygen -t rsa

Usage for DSA:

ssh-keygen -t dsa
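
Once both key types have been generated on every node and collected into authorized_keys, the check below reports any node that is missing an RSA or a DSA entry. It is an added example, not part of the original post; the function names missing_keys and write_sample, the node names rac1 and rac2, and the user@node comment format are assumptions.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for RAC user equivalence.
# Assumption: each key comment has the form user@node (ssh-keygen's default).

# missing_keys FILE NODE...
# Prints "node keytype" for every missing entry; returns 1 if any is missing.
missing_keys() {
    file=$1
    shift
    out=$(awk -v nodes="$*" '
        BEGIN { n = split(nodes, want, " ") }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            # Locate the key-type field; options may precede it.
            for (i = 1; i <= NF; i++)
                if ($i == "ssh-rsa" || $i == "ssh-dss") break
            if (i + 2 > NF) next             # no RSA/DSA entry with a comment
            host = $(i + 2)
            sub(/^.*@/, "", host)            # user@node -> node
            sub(/\..*$/, "", host)           # node.domain -> node
            seen[host " " $i] = 1
        }
        END {
            for (k = 1; k <= n; k++) {
                if (!((want[k] " ssh-rsa") in seen)) print want[k], "rsa"
                if (!((want[k] " ssh-dss") in seen)) print want[k], "dsa"
            }
        }' "$file")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Writes a constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-rsa AAAAPLACEHOLDERRSA1 oracle@rac1
ssh-dss AAAAPLACEHOLDERDSA1 oracle@rac1
ssh-rsa AAAAPLACEHOLDERRSA2 oracle@rac2.example.com
EOF
}

# Demo run on the constructed sample: rac2 has no DSA key.
sample=$(mktemp) && write_sample "$sample"
missing_keys "$sample" rac1 rac2 || echo "user equivalence incomplete"
rm -f "$sample"
```

Current OpenSSH releases no longer accept DSA (ssh-dss) keys by default, so on such systems a missing DSA entry is expected rather than a setup error.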