//burnz.blog

How to make SSH2 work with OpenSSH

October 17, 2007 · 4 Comments

The commercial version of SSH2 uses a different key format than the OpenSSH. This guide shows how to make them inter-operate with each other with public key authentication.

a. OpenSSH server and SSH2 client
Suppose you already generated an RSA2 key pair on your SSH2 client machine, and the public key is stored at ~/.ssh2/id_rsa_1024_a.pub. The following procedure applies to DSA key pairs too.

  1. Copy your SSH2 public key from your SSH2 client machine to your OpenSSH server like: 
    scp ~/.ssh2/id_rsa_1024_a.pub server:.ssh/rsa_ssh2.pub

    If you can’t copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

  2. Run the OpenSSH version of ssh-keygen on the server to convert the SSH2 public key to into the format needed by OpenSSH: 
    ssh-keygen -i -f ~/.ssh/rsa_ssh2.pub > ~/.ssh/rsa_openssh.pub
  3. Append this newly generated OpenSSH public key to your authorization file on the server: 
    cat ~/.ssh/rsa_openssh.pub >> ~/.ssh/authorized_keys2
  4. Once this is done, the .pub files you created are no longer needed so you can remove them if you like.

Now your SHH2 client should be able to connect to the OpenSSH server with the public key authentication.

b. SSH2 server and OpenSSH client
By default, the public key is stored at ~/.ssh/id_dsa.pub.

  1. Run the OpenSSH version of ssh-keygen on the OpenSSH client machine to convert the OpenSSH public key into the format needed by SSH2: 
    ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/dsa_ssh2.pub
  2. Copy this SSH2 public key to your .ssh2 directory on the SSH2 server: 
    scp ~/.ssh/dsa_ssh2.pub server:.ssh2/dsa_ssh2.pub

    If you can’t copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

  3. Add this new pub key to the authorization on the server: 
    echo Key dsa_ssh2.pub >> ~/.ssh2/authorization
  4. Once this is done, the temporary .pub file you created on the OpenSSH client is no longer needed so you can remove it. DO NOT remove the .pub file you just copied to the SSH2 server.

Now your OpenSSH client should be able to connect to the SSH2 server with the DSA public key authentication.

Categories: Linux / Unix · Security · Software
Tagged: , , , , , ,

4 responses so far ↓

  • no name // May 14, 2009 at 2:29 am

    Very nice article. I did intense googling for this information. Your article was clear and concise and very helpful.

    Thank You
    IGotAName

  • anonymous // June 3, 2009 at 4:59 am

    Exactly the information I needed, thanks for posting it.

  • Vanessa G. // June 17, 2009 at 12:59 am

    Thanks a lot, very clear and exactly what I need. Saludos desde Mexico!

  • Roland // November 17, 2009 at 5:19 pm

    Exactly what I was looking for but it does not work in either direction for me.
    SSH versions are:
    Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0×0090704f
    F-Secure SSH 2.4.0 (build 14) on i686-pc-linux-gnu
    Any ideas?

Leave a Comment