Re: Need help in SSH

DSA is defined by a standard called FIPS 186. There have been four versions of this standard, each of which placed different requirements on the key length:

FIPS 186: allowed keys to be any multiple of 64 bits between 512 and 1024
FIPS 186-1: ???
FIPS 186-2: requires keys to be always 1024 bits
FIPS 186-3: allows keys to be 1024, 2048 or 3072 bits

Current versions of OpenSSH only allow you to use 1024 bit keys because 1024 is the only size that is allowed by all versions of the standard. Older versions (about 5 years ago or so) allowed other sizes.

You may be able to generate keys of other lengths using OpenSSL (I've not tried), but it's unlikely you'd be able to use them in SSH. You definitely can generate keys of different lengths using Crypt::DSA, but again it's unlikely you'd be able to use them for SSH purposes.

RSA keys allow you a greater variety of key sizes.

perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'

Comment on Re: Need help in SSH

Replies are listed 'Best First'.
Re^2: Need help in SSH by Anonymous Monk on Jun 28, 2012 at 10:18 UTC
thanks tobyink, but i updated my openSSH to the latest one i.e. 6.0 and openSSSl is also compatible with that. My ubuntu version is bit old i.e. 10.10. Is this could be the culprit? But again it 's not very much related with that error............right?	[reply]
Re^3: Need help in SSH by tobyink (Canon) on Jun 28, 2012 at 10:30 UTC
Please read my answer again. Upgrading to a newer version of OpenSSL will not help you generate a 2048 bit DSA key. If you want a 2048 bit DSA key, then you need to downgrade to a very old version. (Or use something else to generate it - in which case it's unlikely SSH will accept it.) `perl -E'sub Monkey::do{say$_,for@_,do{($monkey=[caller(0)]->[3])=~s{::}{ }and$monkey}}"Monkey say"->Monkey::do'`	[reply]
Re^4: Need help in SSH by Anonymous Monk on Jun 28, 2012 at 10:41 UTC
Can't we upgrade from FIPS-2 to FIPS-3??	[reply]