SSH: Convert OpenSSH to SSH2 and vise versa

Connecting two server running different type of SSH can be nightmare if you does not know how to convert the key. In this tutorial, I will try to explain on how to convert the public key from OpenSSH to SSH2 and SSH2 to OpenSSH. To convert the key, it must be done in OpenSSH server.

Convert OpenSSH key to SSH2 key

• Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
  #ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa_ssh2.pub

Convert SSH2 key to OpenSSH key

• Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH. This needs to be done on the system running OpenSSH.
  #ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > ~/.ssh/id_dsa_1024_a_openssh.pub

Steps involved to produce and convert the keys.

OpenSSH
To generate an OpenSSH sshv2 key

$ ssh-keygen -t dsa -f newkey
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in newkey.
Your public key has been saved in newkey.pub.
The key fingerprint is:
c6:db:3a:ff:4c:79:a7:d8:cb:be:82:e8:9d:db:8c:e9 brad@eta

To export to ssh.com

$ ssh-keygen -e -f newkey.pub
—- BEGIN SSH2 PUBLIC KEY —-
Comment: “1024-bit DSA, converted from OpenSSH by brad@eta”
AAAAB3NzaC1kc3MAAACBAJ7QKkrLoOE9TNPVmKVedk1GAr/S+Cruq3/GtjRnxvJqbBbfne
lWYUC+vbHc5a+7bgRsQfCgoCeGKH5wGD4CDWQMhy2XYomnGf1gUC86Hq77/Noqa02N441E
FSTIEoNlU2aYi8zwVQKlgP6e22mG9sK7zSaGX639ctaigHuST8qPAAAAFQC2az8dfxHkkD
ZAEw+RcvRn3cpXFQAAAIEAgYpPs6d+Kyw37ZaBarlMEaZoEfrxhUZ44SN+KoqBZYpSVwyH
J+/RB0zVUizXCmZ5RhYSsYZ57Iixx1bBmBxogaEh5d7xxUpg/9Xctf94Jsf7vxccjZ4XYA
RrVikq/0L9fuKOmo4ET9iAf+GL7w2u5gzxxZr+xX5jw/A7907lOCwAAACAMoHHk0o1XkG+
yeaPtuwbrHshGqTjpOUkJ/AYuQ8OBuVAOdqse1di9JpeHko26G0zoH3N+nDHMGdYYTNHzR
NYRd2q20ztcAP52crZo1rtpNdvs6c+RTEIgoP3oYh1e1+rg70tWKIW3R/NYB39CESHoyqs
AJ7vzOPm0iUOd36YECY=
—- END SSH2 PUBLIC KEY —-

SSH
To generate a key:

$ ssh-keygen
Generating 2048-bit dsa key pair
1 oOo.oO
Key generated.
2048-bit dsa, marshalb@obelix.cqu.edu.au, Tue Jul 15 2003 13:53:34 +1000
Passphrase :
Again      :
Private key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b
Public key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b.pub

To convert from ssh.com to OpenSSH (using OpenSSH ssh-keygen):

$ ssh-keygen -i -f id_dsa_2048_b.pub
ssh-dss AAAAB3NzaC1kc3MAAAEBAKueha6mfr5OUcscc88lmQUBBgYSZ08htHFaYzke2N
5WG6ql1NgwQsyY2mMRxvvGckBeInx2GvRlz1+izDs5p4UGhkMzG8qOoT2y2vLwTFQyxi4I
XET1e0E8VYC0dcLfs5Zg6RxEY7GA5FiydS6dceuPnLJgCYDfyb9Qbk4rVEvREODo8dV/KR
lZxecEgaeKOO7ZnEzaIVPRCVb6U6EaRtZvxKfGnNFI957AfZ+Hqevz1IeQNDCp00EmaNli
8Ow4rjOPlH7o818r35Ea8mMoV0hkirNQ25zf/Z1LvCS3649537YDi/SVmMMpGCvT93w/TR
vk5RKlwVVy+TH52C8/MKEAAAAVAOuDCV61LvfKz0bd8hYEJ/gGof9XAAABAQCFRhlpWtVO
hTxcWcrnZp9EbbVRZO16St5TPjL86khb7b/VjScOAgt0tslHwtEEQzImv1xRkk6ZQ1o9pv
Azb1fMZrZMGIy9zUXvL0v6LNXxCxN9YIjx14OXYfH8EIQDZJGRJoxHvEvUVjv3lHnTuxbd
Krcbagvakxvgjq1wVyEueilO+g+WhJm+Q+XIYRl0TK9qtsAVFmzxBxT5USZFJ+1kbG7ipp
fFSGWRd3KPUCVQ8iGO3IMjtIlfcuGOArbKB06kMlxsdjNjhcEIHtR0jpaEeB2X+HrVScQE
oXG4S8YkiIExlIvjhrVr571BTOuO9H5VHt4CtKUxeXxKZWslulYwAAABAHm3zlMsXxPL/H
Oq29qf7Lk90b7El+j19E2UkyssfSu6+/k4bFf6ax2n3yEn31S5bUdNvgqmlEjdERc4SkU6
5b5LW2ZI1v7kRoegG+bD2Q21N9Rv/lwS7CTprenKiMMRJ8TU7FMIVT3zEZkV+etC7cbaN+
09GoiFTt+h7IDmo7onlo64oSMrcc+xt++ZUzENTVBgDoS92jlpnELkyJqZgb1/fdEPT6wR
j132yBxWLqDGmbp9msmY1us+XNDY8isF80u9yTTXGTskOtCSaeavDDtPOKN5ZR20sHpIBg
t6zd6mm/zKD6OZo14BLSJr7ldwSRzNNYMtkLnNyFSYxAIrm9Y=

You can then use the output in authorized_keys file on an openssh box.

OpenSSH v2 -> SSH v2

On the OpenSSH box, create a DSA key via the following:

$ ssh-keygen -t dsa

Export the key into ssh.com v2 format:

$ ssh-keygen -e -f ~/.ssh/id_dsa.pub > newPubKey

Copy the converted ssh key to the ssh.com server

$ scp newPubKey server:.ssh2/id_dsa.pub

On the server, tell the ssh.com server that the public key is allowed:

echo “Key id_dsa.pub” >> ~/.ssh2/authorization

SSH v2 -> OpenSSH v2

On the ssh.com box, generate a DSA key:

$ ssh-keygen

Copy the generated key to the openssh box:

$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh

Convert the public key to openssh format and append to authorized_keys:

$ ssh-keygen -i -f id_dsa_1024_a.pub >> ~/.ssh/authorized_keys

On the ssh.com box setup the private key:

$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification

SSH v2 -> SSH v2

On the ssh.com client, generate a DSA key:

$ ssh-keygen

Copy the generated key to the server:

$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh2

On the server, tell the ssh.com server that the public key is allowed:

$ echo “Key id_dsa._1024_a.pub” >> ~/.ssh2/authorization

On the ssh.com client setup the private key:

$ echo “IdKey id_dsa_1024_a” >> ~/.ssh2/identification

OpenSSH v2 -> OpenSSH v2

On the OpenSSH box, create a DSA key via the following:

$ ssh-keygen -t dsa

Copy the ssh key to the server

$ scp ~/.ssh/id_dsa.pub server:.ssh/id_dsa.pub

Add the key to the authorized_keys file on the server

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

---

Possibly related posts: (automatically generated)

• How to make SSH2 work with OpenSSH
• SSH/SSH2 Password-less Authentication
• Using OpenSSH keys with SSH.com Server
• Public Key Authentication from OpenSSH to SSH