13. Keys with OpenSSH at One End and SSH Comms Sec at the Other

Using keys with OpenSSH at one end and software from SSH Communications Security at the other (e.g., OpenSSH client, SSH Comms server) can be troublesome to get working as the keys are in different formats, but it can be done.

13.1. OpenSSH Client to SSH Communications Server

A problem presents itself: the keys used by the different products are in different formats. The easiest way forward is to use a facility offered by OpenSSH's ssh-keygen,

    /usr/bin/ssh-keygen -x

which will take a private OpenSSH-generated key and output the corresponding public key for use with an SSH Communications daemon/server. So:
  1. ensure both client and server accept public keys as authentication;
  2. generate public/private key-pair on the OpenSSH client (in ~/.ssh);
  3. copy the public key from the client to the SSH Comms server (in ~/.ssh2);
  4. on the SSH Comms server, edit ~/.ssh2/authorization appropriately;
  5. ensure permissions are correct on files and directories on both client and server.

If necessary, debug using verbose/debug options to both client and server, and strace -f or truss -f.

13.2. SSH Communications Client to OpenSSH Server

Client side (whizz), /root/.ssh2:

 -- .ssh2                is chmod 700
 -- .ssh2/identification          600
 -- .ssh2/sunshine                600
 -- .ssh2/sunshine.pub            600


 -- cat identification :

        idkey sunshine

 -- cat sunshine.pub : 

        ---- BEGIN SSH2 PUBLIC KEY ----
        Subject: root
        Comment: "1024-bit dsa, root@whizz.umist.ac.uk, Tue Jan 06 2004 14:43:5\
        0"
        AAAAB3NzaC1kc3MAAACBAKAKO1qBoVSOiwAZ/57wi/Sl9qzfFL2SpL7L/Z1W8/bULaispq
        DKpC8b3Y//TS+kXKind2lJMOhdN7AmPdhgTaHCOn+45FGiqmXn9OJ0Agg6ZEarXzy8AfEh
        NBmIoXUQXKPKAN1dVp5ozE94m4HOb4J6kjMwTfbAqAmETRHlRfkPAAAAFQCvlhDMwPxDcB
        IlERuRJDhKflt3awAAAIEAmkj7LE/QzlreF90Bf3i94fExe0aEJl/f5IrsDERW1JYwPuvb
        JgXhi5MHvU/KQvILs0dne3uwa/Q19FbjhZGcm461TcShWfubGjShMzwJzxBdCFqG4jx92V
        0hlDUtoFMlP6TUJum0ILhe79nDsycrp1X4MrTVGx8WA1ocqhBq8pAAAACAfEKtZyRYiE4f
        7ze8bKfnbxSaImypD471LLz/VvjtwMW3Y4yWPqNHep688r7rn4rsEXuYQQNmLh2MNQRpIs
        nyf5ES6HK1jXj/zvujxRSllRVCizVn7+mpu5ToeRvKzvcD7Iwel23pKPTFljXcoPzIvAbZ
        t0URMP33K+6Q7VMJ5K8=
        ---- END SSH2 PUBLIC KEY ----

Server side, sunshine, /root/.ssh:

 -- .ssh                  is chmod 700
 -- .ssh/authorized_keys           600

 -- cat /root/.ssh/authorized_keys 

        #---- BEGIN SSH2 PUBLIC KEY ----
        #Subject: root
        #Comment: "1024-bit dsa, root@whizz.umist.ac.uk, Tue Jan 06 2004 14:43:50"
        ssh-dss <base64 key data from sunshine.pub, joined onto one line> root@whizz.umist.ac.uk
        #---- END SSH2 PUBLIC KEY ----
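
The hand conversion shown in 13.2 (SSH2-format public key file to a single authorized_keys line) can also be scripted. The following is an added example, not part of the original document: the function names and the sample key are constructed for illustration, and the sample blob is filler bytes rather than a real key. It handles the backslash-continued Comment header seen in sunshine.pub, keeps the whole Comment as the trailing comment, and computes a SHA256 fingerprint of the key blob so the key can be compared at both ends.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def ssh2_to_authorized_keys(text):
    """Turn an SSH2-format public key file into one OpenSSH authorized_keys line."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:          # headers come before the key data
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1                        # trailing backslash: header continues
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)   # raises on non-base64 input
    # The decoded blob begins with a 4-byte length followed by the key type string.
    if len(blob) < 4 or struct.unpack(">I", blob[:4])[0] > len(blob) - 4:
        raise ValueError("truncated key blob")
    n = struct.unpack(">I", blob[:4])[0]
    key_type = blob[4:4 + n].decode("ascii")
    return " ".join(p for p in (key_type, b64, headers.get("comment", "")) if p)

def fingerprint(b64):
    """SHA256 fingerprint of the key blob, to compare the key at both ends."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_ssh2_key():
    # Constructed sample: "ssh-dss" type string plus filler bytes, NOT a real key.
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(90))
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    text = (BEGIN + "\nSubject: root\n"
            'Comment: "constructed sample, root@client.example, not a real k\\\ney"\n'
            + wrapped + "\n" + END + "\n")
    return text, b64

if __name__ == "__main__":
    text, b64 = sample_ssh2_key()
    print(ssh2_to_authorized_keys(text))
    print(fingerprint(b64))
```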

About this document:

Produced from the SGML: /home/mc/public_html/_ssh/_reml_grp/ssh.reml
On: 4/4/2006 at 17:51:25
Options: reml2 -i noindex -l long -o html -p multiple