
Re: ssh2 <--> openssh public key authentication



On Sun, Apr 01, 2001 at 01:01:08PM +1000, Brian May wrote:
>     Rob> Hello, I am trying to set up public-key authentication
>     Rob> between a SunOS box ("larry") running ssh2 and a dialup
>     Rob> Debian box ("peon") running potato with OpenSSH 1:2.5.2p2-1
>     Rob> compiled from sid.  From larry, the SunOS box, I can do "ssh
>     Rob> peon" without being prompted for a password; however, running
>     Rob> "ssh larry" from peon requires a password.
> 
> I am trying to do the same thing... (where did you find this
> documented?  I looked but couldn't find anything.)

The ssh (by which I mean Debian's openssh, not ssh1) and ssh2 man
pages both describe how to set up public-key authentication among like
systems; ssh-keygen(1) describes how to create ssh1 and ssh2 keys from
ssh keys and vice-versa.

> I tried: [to create ssh2 key from ssh1 key and] failed
> 
> and:
> 
> [562] [snoopy:bam] ~/.ssh >ssh-keygen -t dsa         
> [successful creation]
> [566] [snoopy:bam] ~/.ssh >ssh-keygen -f id_dsa.pub  -x
> Enter passphrase: 
> load failed

I can't run this command on the public key, but I can on the private
key (id_dsa instead of id_dsa.pub).  I think this is the correct
behavior, if you ponder it a little.

[~/.ssh]
08:24 $ ssh-keygen -f id_dsa.pub  -x
Enter passphrase: 
load failed
[~/.ssh]
08:25 $ ssh-keygen -f id_dsa  -x
---- BEGIN SSH2 PUBLIC KEY ----
...

> maybe I messed up the build-dependencies, when I rebuilt the latest
> unstable version for potato, but I don't think so...
> 
[only differences posted]
> ii  libssl096-dev  0.9.6-1        SSL development libraries
> ii  libgnome-dev   1.2.11-ximian. The Gnome libraries -- development package
> ii  libssl096-dev  0.9.6-1        SSL development libraries

I have:
ii  libssl096-dev  0.9.6-0.potato SSL development libraries
ii  libgnome-dev   1.0.56-3       The Gnome libraries -- development package
ii  libssl096-dev  0.9.6-0.potato SSL development libraries

but I doubt these are significant differences.

> Also ssh -v -v -v gives a number of strange errors:
> 
> debug3: Bad RSA1 key file /home/bam/.ssh/id_dsa.
[...]
> so it looks like ssh-keygen is creating the key in the wrong
> format.

id_dsa isn't an RSA1 key file.  Try using ssh -2 or putting "Protocol
2,1" in your .ssh/config.

Let me know if this helps or if you need more info.

Rob

-- 
There are no games on this system.
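
The "---- BEGIN SSH2 PUBLIC KEY ----" output above is the SSH2 public key file format (the layout described in RFC 4716). The following sketch, an added example that is not part of the original message, parses such a block and emits the one-line form that OpenSSH reads from authorized_keys. The function name is hypothetical and the sample key is constructed from dummy values.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def ssh2_to_openssh(text):
    """Turn an SSH2-format public key block into an OpenSSH key line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key block")
    headers, b64 = {}, []
    body = iter(lines[1:-1])
    for ln in body:
        if ":" in ln:  # header line; base64 never contains ':'
            while ln.endswith("\\"):  # trailing backslash continues the header
                ln = ln[:-1] + next(body, "")
            tag, value = ln.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        elif ln:
            b64.append(ln)
    blob = base64.b64decode("".join(b64), validate=True)
    # The blob starts with a length-prefixed key type name, e.g. "ssh-dss".
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length")
    key_type = blob[4:4 + n].decode("ascii")
    line = f"{key_type} {base64.b64encode(blob).decode('ascii')}"
    comment = headers.get("comment")
    return f"{line} {comment}" if comment else line


def _field(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample: "ssh-dss" plus four dummy integers (p, q, g, y); not a usable key.
SAMPLE_B64 = base64.b64encode(
    _field(b"ssh-dss") + _field(b"\x17") + _field(b"\x0b") + _field(b"\x02") + _field(b"\x08")
).decode("ascii")
SAMPLE = "\n".join([BEGIN, 'Comment: "constructed \\', 'test key"', SAMPLE_B64, END])

if __name__ == "__main__":
    print(ssh2_to_openssh(SAMPLE))
```

Feeding it anything without the SSH2 PUBLIC KEY markers, such as a private key file, raises ValueError instead of producing a key line.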


