1

In ssh_config I have the HostKeyAlgorithms parameter, where I can enforce the use of the DSS algorithm for the key, like:

HostKeyAlgorithms "ssh-dss"

How can I do this in sshd_config (daemon config) in order to enforce that all incoming connections use ssh-dss instead of ssh-rsa?

Aldebaran
  • I'm curious - why would you want to require the use of DSA (instead of say RSA or other options)? – Ram Jul 14 '12 at 23:11

2 Answers

2

Remove

HostKey /etc/ssh/ssh_host_rsa_key

from sshd_config.

I have to note that using 1024-bit keys with either RSA or DSA is no longer considered secure, and standard DSA limits key size to 1024 bits (though OpenSSH can generate DSA keys up to 2048 bits).

Hubert Kario
0

"OpenSSH 7.0 and greater similarly disable the ssh-dss (DSA) public key algorithm. It too is weak and we recommend against its use."

Source: https://www.openssh.com/legacy.html

bgtvfr
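Both answers come down to which HostKey lines sshd_config contains and whether any of them is a DSA key. The following is an added example, not part of either answer: it lists the HostKey entries in a config and flags ssh-dss keys by reading the type field of each matching .pub file. The sample config, the placeholder key contents and the function names are constructed for illustration.

```python
import re
import shlex

WEAK_TYPES = {"ssh-dss"}  # DSA: disabled by default in OpenSSH 7.0 and later

# Constructed sample: the RSA line is commented out, as in the first answer.
# The last line uses lower case and '=' to exercise the parser.
SAMPLE_CONFIG = """\
#HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
hostkey = "/etc/ssh/ssh_host_ed25519_key"
"""
# Constructed .pub contents; the key blobs are placeholders, not real keys.
SAMPLE_PUBS = {
    "/etc/ssh/ssh_host_dsa_key.pub": "ssh-dss AAAA-constructed root@example",
    "/etc/ssh/ssh_host_ed25519_key.pub": "ssh-ed25519 AAAA-constructed root@example",
}

def host_keys(config_text):
    """Return the HostKey paths in sshd_config text, in file order."""
    paths = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m or m.group(1).lower() != "hostkey":
            continue
        args = shlex.split(m.group(2), comments=True)  # handles "quoted" paths
        if args:
            paths.append(args[0])
    return paths

def audit(config_text, read_pub):
    """Map each configured host key path to (key type, is_weak)."""
    report = {}
    for path in host_keys(config_text):
        try:
            key_type = read_pub(path + ".pub").split()[0]
        except (OSError, KeyError, IndexError):
            key_type = "unknown"  # missing or empty public key file
        report[path] = (key_type, key_type in WEAK_TYPES)
    return report

if __name__ == "__main__":
    for path, (key_type, weak) in audit(SAMPLE_CONFIG, SAMPLE_PUBS.__getitem__).items():
        print(f"{path}: {key_type}{'  <-- weak, replace' if weak else ''}")
```

On a real host, pass `lambda p: open(p).read()` as `read_pub` and the contents of the server's sshd_config as `config_text`. An empty report means the file has no HostKey lines and sshd falls back to its built-in defaults, which vary by version.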