SSH: Convert OpenSSH to SSH2 and vise versa
Connecting two server running different type of SSH can be nightmare if you does not know how to convert the key. In this tutorial, I will try to explain on how to convert the public key from OpenSSH to SSH2 and SSH2 to OpenSSH. To convert the key, it must be done in OpenSSH server.
Convert OpenSSH key to SSH2 key
- Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
#ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa_ssh2.pub
Convert SSH2 key to OpenSSH key
- Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH. This needs to be done on the system running OpenSSH.
#ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > ~/.ssh/id_dsa_1024_a_openssh.pub
Steps involved to produce and convert the keys.
OpenSSH
To generate an OpenSSH sshv2 key
$ ssh-keygen -t dsa -f newkey
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in newkey.
Your public key has been saved in newkey.pub.
The key fingerprint is:
c6:db:3a:ff:4c:79:a7:d8:cb:be:82:e8:9d:db:8c:e9 brad@eta
To export to ssh.com
$ ssh-keygen -e -f newkey.pub
—- BEGIN SSH2 PUBLIC KEY —-
Comment: “1024-bit DSA, converted from OpenSSH by brad@eta”
AAAAB3NzaC1kc3MAAACBAJ7QKkrLoOE9TNPVmKVedk1GAr/S+Cruq3/GtjRnxvJqbBbfne
lWYUC+vbHc5a+7bgRsQfCgoCeGKH5wGD4CDWQMhy2XYomnGf1gUC86Hq77/Noqa02N441E
FSTIEoNlU2aYi8zwVQKlgP6e22mG9sK7zSaGX639ctaigHuST8qPAAAAFQC2az8dfxHkkD
ZAEw+RcvRn3cpXFQAAAIEAgYpPs6d+Kyw37ZaBarlMEaZoEfrxhUZ44SN+KoqBZYpSVwyH
J+/RB0zVUizXCmZ5RhYSsYZ57Iixx1bBmBxogaEh5d7xxUpg/9Xctf94Jsf7vxccjZ4XYA
RrVikq/0L9fuKOmo4ET9iAf+GL7w2u5gzxxZr+xX5jw/A7907lOCwAAACAMoHHk0o1XkG+
yeaPtuwbrHshGqTjpOUkJ/AYuQ8OBuVAOdqse1di9JpeHko26G0zoH3N+nDHMGdYYTNHzR
NYRd2q20ztcAP52crZo1rtpNdvs6c+RTEIgoP3oYh1e1+rg70tWKIW3R/NYB39CESHoyqs
AJ7vzOPm0iUOd36YECY=
—- END SSH2 PUBLIC KEY —-
SSH
To generate a key:
$ ssh-keygen
Generating 2048-bit dsa key pair
1 oOo.oO
Key generated.
2048-bit dsa, marshalb@obelix.cqu.edu.au, Tue Jul 15 2003 13:53:34 +1000
Passphrase :
Again :
Private key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b
Public key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b.pub
To convert from ssh.com to OpenSSH (using OpenSSH ssh-keygen):
$ ssh-keygen -i -f id_dsa_2048_b.pub
ssh-dss AAAAB3NzaC1kc3MAAAEBAKueha6mfr5OUcscc88lmQUBBgYSZ08htHFaYzke2N
5WG6ql1NgwQsyY2mMRxvvGckBeInx2GvRlz1+izDs5p4UGhkMzG8qOoT2y2vLwTFQyxi4I
XET1e0E8VYC0dcLfs5Zg6RxEY7GA5FiydS6dceuPnLJgCYDfyb9Qbk4rVEvREODo8dV/KR
lZxecEgaeKOO7ZnEzaIVPRCVb6U6EaRtZvxKfGnNFI957AfZ+Hqevz1IeQNDCp00EmaNli
8Ow4rjOPlH7o818r35Ea8mMoV0hkirNQ25zf/Z1LvCS3649537YDi/SVmMMpGCvT93w/TR
vk5RKlwVVy+TH52C8/MKEAAAAVAOuDCV61LvfKz0bd8hYEJ/gGof9XAAABAQCFRhlpWtVO
hTxcWcrnZp9EbbVRZO16St5TPjL86khb7b/VjScOAgt0tslHwtEEQzImv1xRkk6ZQ1o9pv
Azb1fMZrZMGIy9zUXvL0v6LNXxCxN9YIjx14OXYfH8EIQDZJGRJoxHvEvUVjv3lHnTuxbd
Krcbagvakxvgjq1wVyEueilO+g+WhJm+Q+XIYRl0TK9qtsAVFmzxBxT5USZFJ+1kbG7ipp
fFSGWRd3KPUCVQ8iGO3IMjtIlfcuGOArbKB06kMlxsdjNjhcEIHtR0jpaEeB2X+HrVScQE
oXG4S8YkiIExlIvjhrVr571BTOuO9H5VHt4CtKUxeXxKZWslulYwAAABAHm3zlMsXxPL/H
Oq29qf7Lk90b7El+j19E2UkyssfSu6+/k4bFf6ax2n3yEn31S5bUdNvgqmlEjdERc4SkU6
5b5LW2ZI1v7kRoegG+bD2Q21N9Rv/lwS7CTprenKiMMRJ8TU7FMIVT3zEZkV+etC7cbaN+
09GoiFTt+h7IDmo7onlo64oSMrcc+xt++ZUzENTVBgDoS92jlpnELkyJqZgb1/fdEPT6wR
j132yBxWLqDGmbp9msmY1us+XNDY8isF80u9yTTXGTskOtCSaeavDDtPOKN5ZR20sHpIBg
t6zd6mm/zKD6OZo14BLSJr7ldwSRzNNYMtkLnNyFSYxAIrm9Y=
You can then use the output in authorized_keys file on an openssh box.
OpenSSH v2 -> SSH v2
On the OpenSSH box, create a DSA key via the following:
$ ssh-keygen -t dsa
Export the key into ssh.com v2 format:
$ ssh-keygen -e -f ~/.ssh/id_dsa.pub > newPubKey
Copy the converted ssh key to the ssh.com server
$ scp newPubKey server:.ssh2/id_dsa.pub
On the server, tell the ssh.com server that the public key is allowed:
echo “Key id_dsa.pub” >> ~/.ssh2/authorization
SSH v2 -> OpenSSH v2
On the ssh.com box, generate a DSA key:
$ ssh-keygen
Copy the generated key to the openssh box:
$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh
Convert the public key to openssh format and append to authorized_keys:
$ ssh-keygen -i -f id_dsa_1024_a.pub >> ~/.ssh/authorized_keys
On the ssh.com box setup the private key:
$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification
SSH v2 -> SSH v2
On the ssh.com client, generate a DSA key:
$ ssh-keygen
Copy the generated key to the server:
$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh2
On the server, tell the ssh.com server that the public key is allowed:
$ echo “Key id_dsa._1024_a.pub” >> ~/.ssh2/authorization
On the ssh.com client setup the private key:
$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification
OpenSSH v2 -> OpenSSH v2
On the OpenSSH box, create a DSA key via the following:
$ ssh-keygen -t dsa
Copy the ssh key to the server
$ scp ~/.ssh/id_dsa.pub server:.ssh/id_dsa.pub
Add the key to the authorized_keys file on the server
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Hi,
I have generated one public key using puttygen. It gave the key into the below format:
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBxmOOeYQ5NiRi9lW2js9iG1jaVCvVGIoJBncuSELq8ZSm3tUUWmMq6ak0GH1CkXe3iJH3hwTTCLCAUnQ6nhuD5oF1onaAvzxy2BQ5o4ehvmcero3McWmCGkFJ3nTXhg6psWNcdY9ICV3ymh6RE9qARSUazfCeUlGmLpPYqPAZP/V0Rfy9P5Cyz/Vfq0kRwq04duhO9+BunHI5fN9zTF34NBwWbcZjv9vrXnnyljfQLlvQBOELbI8KLuXNidNWXz6MFCmblsjExQPSC/L7OgfeEyDYafwEoLWnfC7NxsxFEWNRriwWLLLwu4LFPOabSY0Joy5Mnv67gbTo5ex4BaX5n =vijay
when I import this key into some othe system and after that I export the same key, it convert the key into RSA format which is like below:
MIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKCAQBxmOOeYQ5NiRi9lW2js9iG1jaVCvVGIoJBncuSELq8ZSm3tUUWmMq6ak0GH1CkXe3iJH3hwTTCLCAUnQ6nhuD5oF1onaAvzxy2BQ5o4ehvmcero3McWmCGkFJ3nTXhg6psWNcdY9ICV3ymh6RE9qARSUazfCeUlGmLpPYqPAZP/V0Rfy9P5Cyz/Vfq0kRwq04duhO9+BunHI5fN9zTF34NBwWbcZjv9vrXnnyljfQLlvQBOELbI8KLuXNidNWXz6MFCmblsjExQPSC/L7OgfeEyDYafwEoLWnfC7NxsxFEWNRriwWLLLwu4LFPOabSY0Joy5Mnv67gbTo5ex4BaX5nAgEl
Now I want to convert this key into my old previous format.
Please help me if you guys have any solution to it.
Just copy back the original key that you created using puttygen.
Hello webmaster
I would like to share with you a link to your site
write me here preonrelt@mail.ru
good post thanks
good stuff, thanks for share, master….
Hi gen ou gen yon cewL cho sit . Mèsi! M ap di nenpòt moun nenpòt tout moun tout moun sou sit paj . ! xxx livecam xxx
Hi,
I am using sftp from Unix to AS400 server, when I try from sftp from Unix side it will asking pssword prompting, I have verified the Public key and permission for .ssh & authorized_keys file. when I try to do debug mode I am getting the below message.
Could you please help how to solve this issue without asking password.
Thanks in advance
$ sftp -v sshdusr@xxx.xxx.xxx.com
Connecting to sshdusr@xxx.xxx.xxx.com…
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to xxx.xxx.xxx.com [122.191.202.24] port 22.
debug1: Connection established.
debug1: identity file /home/zediftp/.ssh/id_rsa type 1
debug1: identity file /home/zediftp/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
debug1: match: OpenSSH_3.5p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'xxx.xxx.xxx.com' is known and matches the RSA host key.
debug1: Found key in /home/zediftp/.ssh/known_hosts:62
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/zediftp/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /home/zediftp/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
sshdusr@xxx.xxx.xxx.com's password:
Hi Mohan, Could you please help how to solve this issue without asking password.
I’ve the same problem.
I need to find, how to transfer file from AS400 to one Windows system via SFTP.
My problem is that the conectivity is with User and Password on the Window.
You could tell as solucinar contectividad problem as it is presenting me the same error when authenticating password.
hi,
I am very glad to thank yousharing this post.I also appreciate your work here.nice blog
Thank you, this helped me out a lot. -Matt
Nice and useful info. i will share with friends.
Nice info! When copying the public key to a remote server, if you want to skip the steps of logging in twice, concatenating the key, then deleting it, you can do it all in one shot (for example):
$ cat ~/.ssh/id_rsa.pub | ssh server ‘cat >> ~/.ssh/authorized_keys’
(The command in single quotes is executed on the remote server without starting an interactive shell and can accept piped input.)
Thanks for the info, this has been a huge help!
a m a z i n g help, thanks.
Note that the web page renders those single quotes as “smart quotes”, so just doing a copy-paste may will not work as expected. 🙂
Thanks!! you saved the day
Sorry I am mac newbie and a beginner coder in Python 3 on a brand new mac machine I won in competition. Please help, haha just kidding, thanks bud
thank, was very usefull for us
I do believe in all the suggestions you’ve presented for the post. They’re extremely convincing and can certainly function. Nevertheless, the posts are very brief for newbies. May you please extend them a little from next time? Thank you for the publish.
I believe this is among the so much significant information for me.
And i am satisfied studying your article. But want to statement on few
common things, The site taste is perfect, the articles is in point
of fact great : D. Excellent task, cheers
made my day 🙂
came in handy, thanks.
THANKS!