Recipe 6.6 Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)

Previous page
Table of content
Next page

6.6.1 Problem

You want to authenticate between an OpenSSH client and an SSH2 server (i.e., SSH Secure Shell from SSH Communication Security) using an existing SSH2-format key.

6.6.2 Solution

Suppose your SSH2 private key is id_dsa_1024_a.

  1. Make a copy of the SSH2 private key:

    $ cd ~/.ssh2 $ cp -p id_dsa_1024_a newkey

  2. Set its passphrase to the empty string, creating an unencrypted key:

    $ ssh-keygen2 -e newkey ... Do you want to edit passphrase (yes or no)? yes New passphrase :  Again          :

  3. Import the SSH2 private key to convert it into an OpenSSH private key, imported-ssh2-key:

    $ mkdir -p ~/.ssh                        If it doesn't already exist $ chmod 700 ~/.ssh $ cd ~/.ssh $ mv ~/.ssh2/newkey . $ ssh-keygen -i -f newkey > imported-ssh2-key $ rm newkey $ chmod 600 imported-ssh2-key

  4. Change the passphrase of the imported key:

    $ ssh-keygen -p imported-ssh2-key

  5. Use your new key:

    $ ssh -l remoteuser -i ~/.ssh/imported-ssh2-key remotehost

    To generate the OpenSSH public key from the OpenSSH private key imported-ssh2-key, run:

    $ ssh-keygen -y -f imported-ssh2-key > imported-ssh2-key.pub Enter passphrase: ********

6.6.3 Discussion

OpenSSH's ssh-keygen can convert an SSH2-style private key into an OpenSSH-style private key, using the -i (import) option; however, it works only for unencrypted SSH2 keys. So we decrypt the key (changing its passphrase to null), import it, and re-encrypt it.

This technique involves some risk, since your SSH2 private key will be unencrypted on disk for a few moments. If this concerns you, perform steps 2-3 on a secure machine with no network connection (say, a laptop). Then burn the laptop.

To make the newly imported key your default OpenSSH key, name it ~/.ssh/id_dsa instead of imported-ssh2-key.

As an alternative solution, you could ignore your existing SSH2 private key, generate a brand new OpenSSH key pair, and convert its public key for SSH2 use. [Recipe 6.5] But if your SSH2 public key is already installed on many remote sites, it might make sense to import and reuse the SSH2 private key.

6.6.4 See Also

ssh-keygen(1), ssh-keygen2(1).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
VBScript Programmers Reference
Developing Tablet PC Applications (Charles River Media Programming)
MySQL Cookbook
Quartz Job Scheduling Framework: Building Open Source Enterprise Applications
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy