6.6.1 ProblemYou want to authenticate between an OpenSSH client and an SSH2 server (i.e., SSH Secure Shell from SSH Communication Security) using an existing SSH2-format key. 6.6.2 SolutionSuppose your SSH2 private key is id_dsa_1024_a.
6.6.3 DiscussionOpenSSH's ssh-keygen can convert an SSH2-style private key into an OpenSSH-style private key, using the -i (import) option; however, it works only for unencrypted SSH2 keys. So we decrypt the key (changing its passphrase to null), import it, and re-encrypt it. This technique involves some risk, since your SSH2 private key will be unencrypted on disk for a few moments. If this concerns you, perform steps 2-3 on a secure machine with no network connection (say, a laptop). Then burn the laptop. To make the newly imported key your default OpenSSH key, name it ~/.ssh/id_dsa instead of imported-ssh2-key. As an alternative solution, you could ignore your existing SSH2 private key, generate a brand new OpenSSH key pair, and convert its public key for SSH2 use. [Recipe 6.5] But if your SSH2 public key is already installed on many remote sites, it might make sense to import and reuse the SSH2 private key. 6.6.4 See Alsossh-keygen(1), ssh-keygen2(1). |