This page is not at all ready for prime-time, but I am leaving it up because picking through it may provide some information to an interested party.

Other SSH Information

This page contains various extra information about ssh and sftp that is beyond the scope of csc/cpe101.

Setting up public key authentication

Coming soon. Now we're getting hairy.

Getting SSH to cooperate with openssh

Coming soon. Now we're getting really, really hairy.

How to convert ssh2 public keys to a format acceptable to openssh

These notes need revision; that is... coming soon.
  1. Before you can install a public key on the remote machine, you need a pair of keys. (If you already have a keypair generated by ssh2, you can skip this.)
    localmachine% ssh-keygen2
    Generating 2048-bit dsa key pair
      42 Oo.ooOo.oOo.
    Key generated.
    2048-bit dsa, pnico@localmachine.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800
    Passphrase : 
    Again      : 
    Private key saved to /home/pnico/.ssh2/id_dsa_2048_a
    Public key saved to /home/pnico/.ssh2/id_dsa_2048_a.pub
    localmachine% cd .ssh2
    localmachine% mv id_dsa_2048_a bogus
    localmachine% mv id_dsa_2048_a.pub  bogus.pub
    localmachine% 
    
  2. Remove the passphrase from the public key
  3. Get the public key to the remote machine (the one running openssh)
    localmachine% scp bogus.pub remotemachine:.ssh
    pnico@remotemachine's password: 
    bogus.pub                         |  1.2kB |   1.2 kB/s | TOC: 00:00:01 | 100%
    localmachine% 
    
  4. Now, on the remote machine, openssh uses a different setup
    remotemachine% ssh-keygen -X -f bogus.pub >! bogus.openssh
    ignore: ---- BEGIN SSH2 PUBLIC KEY ----
    ignore: Subject: pnico
    ignore: Comment: "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 20\
    escaped: 02 10:49:36 +0800"
    ignore: ---- END SSH2 PUBLIC KEY ----
    
    and add it to the end of the file authorized_keys
    remotemachine% cat bogus.openssh >> authorized_keys
    remotemachine%
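What the conversion in step 4 does to the file, as an added example (not part of the original notes, and not OpenSSH's own code): a Python function that parses the SSH2 public key format, including the backslash-continued Comment header that ssh-keygen reports as "ignore:"/"escaped:" above, and emits the single line that goes into authorized_keys. The function name is hypothetical and the sample key bytes are constructed filler, not a usable key.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh2_pub_to_openssh(text):
    """Convert an SSH2 public key file to one authorized_keys line."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        i += 1
        if ":" in line and not body:
            # A header value ending in a backslash continues on the next line.
            while line.endswith("\\") and i < len(lines) - 1:
                line = line[:-1] + lines[i]
                i += 1
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line.strip())
    blob = base64.b64decode("".join(body), validate=True)
    # The blob starts with a 4-byte length followed by the key type ("ssh-dss").
    n = int.from_bytes(blob[:4], "big")
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key type length in blob")
    key_type = blob[4:4 + n].decode("ascii")
    fields = [key_type, base64.b64encode(blob).decode("ascii")]
    # Collapse whitespace in the comment so the result stays a single line.
    comment = " ".join(headers.get("comment", "").split())
    if comment:
        fields.append(comment)
    return " ".join(fields)

# Constructed sample, not a usable key: a type string plus three filler bytes.
SAMPLE_BLOB = b"\x00\x00\x00\x07ssh-dss\x00\x00\x00\x03\x01\x02\x03"
SAMPLE_SSH2 = "\n".join([
    BEGIN,
    "Subject: pnico",
    'Comment: "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 20\\',
    '02 10:49:36 +0800"',
    base64.b64encode(SAMPLE_BLOB).decode("ascii"),
    END,
])

if __name__ == "__main__":
    print(ssh2_pub_to_openssh(SAMPLE_SSH2))
```

The key blob is carried over byte for byte; only the wrapper around it changes, so a converted key that fails to authenticate usually points at a damaged file rather than at the conversion.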
To convert a private key, first remove the password, translate as above, then add a password:
  • Remove the password
    localmachine% ssh-keygen2 -e bogus
    Passphrase needed for key "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800".
    Passphrase : 
    Do you want to edit key "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800" (yes or no)? yes
    Your key comment is "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800". Do you want to edit it (yes or no)? no
    Do you want to edit passphrase (yes or no)? yes
    New passphrase : 
    Again          : 
    Do you want to continue editing key "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800" (yes or no)? no
    Do you want to save key "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 2002 10:49:36 +0800" to file bogus (yes or no)? yes
    localmachine% 
    
  • Convert the key and set up as ID
    remotemachine% ssh-keygen -X -f bogus > bogus_private.openssh
    ignore: ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
    ignore: Subject: pnico
    ignore: Comment: "2048-bit dsa, pnico@localhost.csc.calpoly.edu, Wed Sep 18 20\
    escaped: 02 10:49:36 +0800"
    ignore: ---- END SSH2 ENCRYPTED PRIVATE KEY ----
    remotemachine% mv bogus_private.openssh id_dsa
    remotemachine% 
    
  • Add the password back
    remotemachine% ssh-keygen -f id_dsa -p
    Key has comment 'dsa w/o comment'
    Enter new passphrase(empty for no passphrase): 
    Enter same passphrase again: 
    passphrase too short: 4 bytes
    Saving the key failed: id_dsa: Error 0.
    remotemachine% ssh-keygen -f id_dsa -p
    Key has comment 'dsa w/o comment'
    Enter new passphrase(empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved with the new passphrase.
    remotemachine% ssh localhost
    Enter passphrase for key '/home/faculty/pnico/.ssh/id_dsa': 
    Last login: Wed Sep 18 2002 11:19:04 +0800 from remotehost.csc.calpoly.edu
    No mail.
    
     11:20am  up 12 days, 23:06, 16 users,  load average: 0.00, 0.02, 0.08
    localhost% 
    

    9/18/02