Re: ssh2 <--> openssh public key authentication
On Sun, Apr 01, 2001 at 01:01:08PM +1000, Brian May wrote:
> Rob> Hello, I am trying to set up public-key authentication
> Rob> between a SunOS box ("larry") running ssh2 and a dialup
> Rob> Debian box ("peon") running potato with OpenSSH 1:2.5.2p2-1
> Rob> compiled from sid. From larry, the SunOS box, I can do "ssh
> Rob> peon" without being prompted for a password; however, running
> Rob> "ssh larry" from peon requires a password.
>
> I am trying to do the same thing... (where did you find this
> documented? I looked but couldn't find anything.)
The ssh (by which I mean Debian's openssh, not ssh1) and ssh2 man
pages both describe how to set up public-key authentication among like
systems; ssh-keygen(1) describes how to create ssh1 and ssh2 keys from
ssh keys and vice-versa.
> I tried: [to create ssh2 key from ssh1 key and] failed
>
> and:
>
> [562] [snoopy:bam] ~/.ssh >ssh-keygen -t dsa
> [successful creation]
> [566] [snoopy:bam] ~/.ssh >ssh-keygen -f id_dsa.pub -x
> Enter passphrase:
> load failed
I can't run this command on the public key, but I can on the private
key (id_dsa instead of id_dsa.pub). I think this is the correct
behavior, if you ponder it a little.
[~/.ssh]
08:24 $ ssh-keygen -f id_dsa.pub -x
Enter passphrase:
load failed
[~/.ssh]
08:25 $ ssh-keygen -f id_dsa -x
---- BEGIN SSH2 PUBLIC KEY ----
...
> maybe I missed up the build-dependencies, when I rebuilt the latest
> unstable version for potato, but I don't think so...
>
[only differences posted]
> ii libssl096-dev 0.9.6-1 SSL development libraries
> ii libgnome-dev 1.2.11-ximian. The Gnome libraries -- development package
> ii libssl096-dev 0.9.6-1 SSL development libraries
I have:
ii libssl096-dev 0.9.6-0.potato SSL development libraries
ii libgnome-dev 1.0.56-3 The Gnome libraries -- development package
ii libssl096-dev 0.9.6-0.potato SSL development libraries
but I doubt these are significant differences.
> Also ssh -v -v -v gives a number of strange errors:
>
> debug3: Bad RSA1 key file /home/bam/.ssh/id_dsa.
[...]
> so it looks like that ssh-keygen is creating the key in the wrong
> format.
id_dsa isn't an RSA1 key file. Try using ssh -2 or putting "Protocol
2,1" in your .ssh/config.
Let me know if this helps or if you need more info.
Rob
--
There are no games on this system.
Reply to: