On Wed, Jul 11, 2001 at 11:30:53AM +0900, Takuya Nozawa wrote:
> I have more questions.
>
> In message <[EMAIL PROTECTED]>
> "Re: question about updating from SSH1"
> "Dave Dykstra <[EMAIL PROTECTED]>" wrote:
>
> > > I have a question about upgrading to OpenSSH.
> > > Now, I'm using ssh1.2.26 on Solaris 2.6-sparc, but I want to update
> > > my ssh environment for security reasons. I couldn't find information
> > > about this in the archive of this mailing list or in the FAQ.
> > >
> > > My questions are:
> > > 1. Can I use my old keyfile for OpenSSH 2.5.2p2?
> > > If I choose this way, what kind of problems will occur in my environment?
> >
> > Should work fine for protocol 1.
>
> I understand that I must use a new key if I want to use protocol 2,
> but I can use the old keys fine for protocol 1 authentication.
> Is my understanding correct?

Yes.

> > > 2. Can I use my old authorized_key file and known_hosts on other machines?
> > > If I choose this way, what kind of problems will occur in my environment?
> >
> > There is a problem in that some keys generated by ssh1.2.26 are actually
> > 1023 bits even though it was reporting them to be 1024 bits. See
> > http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=99438723227424&w=2
>
> I understand that if I use old keys I will get a message of "HOST
> IDENTIFICATION HAS CHANGED".
> Is my understanding correct?

Sometimes, and without my patch. The problem is only when using an ssh 1.2.26
client with an OpenSSH server, and much of the time the keys really are
1024 bits and don't cause a problem.

> > > And can I use SSH2 authorization in this environment?
> >
> > Only by generating a new key and using authorized_keys2 and known_hosts2,
> > although it looks like the current OpenSSH in CVS supports both kinds of
> > keys in authorized_keys and known_hosts.
>
> I understand that
> the authorized_keys and known_hosts files are for protocol 1
> and the authorized_keys2 and known_hosts2 files are for protocol 2,
> but the current OpenSSH in CVS supports all of these files.
> Is my understanding correct?

Not quite. The current OpenSSH in CVS accepts keys for both protocols
in authorized_keys & known_hosts. It still supports authorized_keys2 and
known_hosts2 as well, I think by automatically moving (copying?) keys out
of there to the authorized_keys and known_hosts files.

- Dave Dykstra
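
An added example, not part of the original message or of OpenSSH: a small Python check that finds protocol 1 RSA keys in known_hosts or authorized_keys whose declared size differs from the real modulus size, as with the 1023-bit keys reported as 1024 bits discussed above. It assumes the protocol 1 line layout of decimal bits, exponent and modulus fields; the sample lines are constructed and their moduli are not real RSA keys.

```python
"""Flag SSH protocol 1 RSA keys whose declared bit count is not the real one."""


def parse_rsa1_line(line):
    """Return (label, declared_bits, modulus) for a protocol 1 key line, or None.

    Assumed layout: three consecutive decimal fields (bits, exponent, modulus).
    known_hosts puts the host name before them; authorized_keys may put
    options before them and a comment after them.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    for i in range(len(fields) - 2):
        trio = fields[i:i + 3]
        if all(f.isdigit() for f in trio):
            bits, _exponent, modulus = (int(f) for f in trio)
            if i > 0:
                label = fields[i - 1]          # host name (or options field)
            else:
                label = " ".join(fields[i + 3:]) or "(no label)"  # comment
            return label, bits, modulus
    return None  # not a protocol 1 line, e.g. "ssh-rsa AAAA..."


def find_mismatches(lines):
    """Return [(label, declared_bits, actual_bits)] for keys that disagree."""
    mismatches = []
    for line in lines:
        parsed = parse_rsa1_line(line)
        if parsed is None:
            continue
        label, declared, modulus = parsed
        actual = modulus.bit_length()
        if actual != declared:
            mismatches.append((label, declared, actual))
    return mismatches


# Constructed sample input: the moduli only have the right bit lengths.
SAMPLE = [
    "# constructed known_hosts / authorized_keys lines",
    f"oldhost.example 1024 35 {(1 << 1022) + 1}",   # really 1023 bits
    f"goodhost.example 1024 35 {(1 << 1023) + 1}",  # really 1024 bits
    f"1024 37 {(1 << 1022) + 3} user@oldclient",    # really 1023 bits
    "ssh-rsa AAAAB3NzaC1yc2E= user@newclient",      # protocol 2, skipped
]

if __name__ == "__main__":
    for label, declared, actual in find_mismatches(SAMPLE):
        print(f"{label}: declared {declared} bits, modulus is {actual} bits")
```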