Tuesday, May 4, 2010

How to make SSH2 work with OpenSSH

The commercial version of SSH2 uses a different key format than OpenSSH. This guide shows how to make the two interoperate using public key authentication.
 a. OpenSSH server and SSH2 client
Suppose you already generated an RSA2 key pair on your SSH2 client machine, and the public key is stored at ~/.ssh2/id_rsa_1024_a.pub. The following procedure applies to DSA key pairs too.
  1. Copy your SSH2 public key from your SSH2 client machine to your OpenSSH server like:
    scp ~/.ssh2/id_rsa_1024_a.pub server:.ssh/rsa_ssh2.pub
    If you can't copy the public key because password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).
  2. Run the OpenSSH version of ssh-keygen on the server to convert the SSH2 public key into the format needed by OpenSSH:
    ssh-keygen -i -f ~/.ssh/rsa_ssh2.pub > ~/.ssh/rsa_openssh.pub
  3. Append this newly generated OpenSSH public key to your authorization file on the server:
    cat ~/.ssh/rsa_openssh.pub >> ~/.ssh/authorized_keys2
  4. Once this is done, the .pub files you created are no longer needed so you can remove them if you like.
Now your SSH2 client should be able to connect to the OpenSSH server with public key authentication.
 b. SSH2 server and OpenSSH client
By default, the public key is stored at ~/.ssh/id_dsa.pub.
  1. Run the OpenSSH version of ssh-keygen on the OpenSSH client machine to convert the OpenSSH public key into the format needed by SSH2:
    ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/dsa_ssh2.pub
  2. Copy this SSH2 public key to your .ssh2 directory on the SSH2 server:
    scp ~/.ssh/dsa_ssh2.pub server:.ssh2/dsa_ssh2.pub
    If you can't copy the public key because password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).
  3. Add this new public key to the authorization file on the server:
    echo Key dsa_ssh2.pub >> ~/.ssh2/authorization
  4. Once this is done, the temporary .pub file you created on the OpenSSH client is no longer needed so you can remove it. DO NOT remove the .pub file you just copied to the SSH2 server.
Now your OpenSSH client should be able to connect to the SSH2 server with the DSA public key authentication.
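
What the two ssh-keygen conversions above do to the key file, as an added Python example (not part of the original post): the SSH2 file is an RFC 4716 block wrapping the same base64 key blob that OpenSSH keeps on one line, so the fingerprint is identical in both formats and can be compared before a key received by email is added on the server. The function names are hypothetical and the sample key is constructed.

```python
import base64, hashlib, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type(blob):
    """Algorithm name stored as the first length-prefixed string in the blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def ssh2_to_openssh(text, comment=""):
    """SSH2 (RFC 4716) block -> one OpenSSH line, as `ssh-keygen -i` produces."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key file")
    body, in_header = [], False
    for line in lines[1:-1]:
        if in_header or ":" in line:       # header line or its continuation
            in_header = line.endswith("\\")
        else:
            body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    fields = [key_type(blob), base64.b64encode(blob).decode(), comment]
    return " ".join(f for f in fields if f)

def openssh_to_ssh2(line, comment="converted from OpenSSH"):
    """One OpenSSH line -> SSH2 block, as `ssh-keygen -e` produces."""
    algo, b64 = line.split()[:2]
    if key_type(base64.b64decode(b64, validate=True)) != algo:
        raise ValueError("algorithm name does not match the key blob")
    wrapped = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, f'Comment: "{comment}"', *wrapped, END]) + "\n"

def fingerprint(line):
    """SHA256 fingerprint of the key blob; identical in both file formats."""
    digest = hashlib.sha256(base64.b64decode(line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pack(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: right structure (name, e, n) but not a usable RSA key.
SAMPLE_BLOB = pack(b"ssh-rsa") + pack(b"\x01\x00\x01") + pack(b"\x00" + bytes(range(128, 256)))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@client"

if __name__ == "__main__":
    ssh2 = openssh_to_ssh2(SAMPLE_LINE)
    print(ssh2)
    print(ssh2_to_openssh(ssh2, "user@client") == SAMPLE_LINE, fingerprint(SAMPLE_LINE))
```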

