
SSH: Convert OpenSSH to SSH2 and vice versa

Connecting two servers that run different SSH implementations can be a nightmare if you do not know how to convert the keys. In this tutorial, I explain how to convert a public key from OpenSSH to SSH2 format and from SSH2 to OpenSSH format. The conversion must be done on the OpenSSH server.

Convert OpenSSH key to SSH2 key

  • Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
    $ ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/id_dsa_ssh2.pub

Convert SSH2 key to OpenSSH key

  • Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH. This needs to be done on the system running OpenSSH.
    $ ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > ~/.ssh/id_dsa_1024_a_openssh.pub

Steps involved to produce and convert the keys.

OpenSSH
To generate an OpenSSH sshv2 key

$ ssh-keygen -t dsa -f newkey
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in newkey.
Your public key has been saved in newkey.pub.
The key fingerprint is:
c6:db:3a:ff:4c:79:a7:d8:cb:be:82:e8:9d:db:8c:e9 brad@eta

To export to ssh.com

$ ssh-keygen -e -f newkey.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by brad@eta"
AAAAB3NzaC1kc3MAAACBAJ7QKkrLoOE9TNPVmKVedk1GAr/S+Cruq3/GtjRnxvJqbBbfne
lWYUC+vbHc5a+7bgRsQfCgoCeGKH5wGD4CDWQMhy2XYomnGf1gUC86Hq77/Noqa02N441E
FSTIEoNlU2aYi8zwVQKlgP6e22mG9sK7zSaGX639ctaigHuST8qPAAAAFQC2az8dfxHkkD
ZAEw+RcvRn3cpXFQAAAIEAgYpPs6d+Kyw37ZaBarlMEaZoEfrxhUZ44SN+KoqBZYpSVwyH
J+/RB0zVUizXCmZ5RhYSsYZ57Iixx1bBmBxogaEh5d7xxUpg/9Xctf94Jsf7vxccjZ4XYA
RrVikq/0L9fuKOmo4ET9iAf+GL7w2u5gzxxZr+xX5jw/A7907lOCwAAACAMoHHk0o1XkG+
yeaPtuwbrHshGqTjpOUkJ/AYuQ8OBuVAOdqse1di9JpeHko26G0zoH3N+nDHMGdYYTNHzR
NYRd2q20ztcAP52crZo1rtpNdvs6c+RTEIgoP3oYh1e1+rg70tWKIW3R/NYB39CESHoyqs
AJ7vzOPm0iUOd36YECY=
---- END SSH2 PUBLIC KEY ----

SSH
To generate a key:

$ ssh-keygen
Generating 2048-bit dsa key pair
1 oOo.oO
Key generated.
2048-bit dsa, marshalb@obelix.cqu.edu.au, Tue Jul 15 2003 13:53:34 +1000
Passphrase :
Again      :
Private key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b
Public key saved to /usr/users/staff/m/marshalb/.ssh2/id_dsa_2048_b.pub

To convert from ssh.com to OpenSSH (using OpenSSH ssh-keygen):

$ ssh-keygen -i -f id_dsa_2048_b.pub
ssh-dss AAAAB3NzaC1kc3MAAAEBAKueha6mfr5OUcscc88lmQUBBgYSZ08htHFaYzke2N
5WG6ql1NgwQsyY2mMRxvvGckBeInx2GvRlz1+izDs5p4UGhkMzG8qOoT2y2vLwTFQyxi4I
XET1e0E8VYC0dcLfs5Zg6RxEY7GA5FiydS6dceuPnLJgCYDfyb9Qbk4rVEvREODo8dV/KR
lZxecEgaeKOO7ZnEzaIVPRCVb6U6EaRtZvxKfGnNFI957AfZ+Hqevz1IeQNDCp00EmaNli
8Ow4rjOPlH7o818r35Ea8mMoV0hkirNQ25zf/Z1LvCS3649537YDi/SVmMMpGCvT93w/TR
vk5RKlwVVy+TH52C8/MKEAAAAVAOuDCV61LvfKz0bd8hYEJ/gGof9XAAABAQCFRhlpWtVO
hTxcWcrnZp9EbbVRZO16St5TPjL86khb7b/VjScOAgt0tslHwtEEQzImv1xRkk6ZQ1o9pv
Azb1fMZrZMGIy9zUXvL0v6LNXxCxN9YIjx14OXYfH8EIQDZJGRJoxHvEvUVjv3lHnTuxbd
Krcbagvakxvgjq1wVyEueilO+g+WhJm+Q+XIYRl0TK9qtsAVFmzxBxT5USZFJ+1kbG7ipp
fFSGWRd3KPUCVQ8iGO3IMjtIlfcuGOArbKB06kMlxsdjNjhcEIHtR0jpaEeB2X+HrVScQE
oXG4S8YkiIExlIvjhrVr571BTOuO9H5VHt4CtKUxeXxKZWslulYwAAABAHm3zlMsXxPL/H
Oq29qf7Lk90b7El+j19E2UkyssfSu6+/k4bFf6ax2n3yEn31S5bUdNvgqmlEjdERc4SkU6
5b5LW2ZI1v7kRoegG+bD2Q21N9Rv/lwS7CTprenKiMMRJ8TU7FMIVT3zEZkV+etC7cbaN+
09GoiFTt+h7IDmo7onlo64oSMrcc+xt++ZUzENTVBgDoS92jlpnELkyJqZgb1/fdEPT6wR
j132yBxWLqDGmbp9msmY1us+XNDY8isF80u9yTTXGTskOtCSaeavDDtPOKN5ZR20sHpIBg
t6zd6mm/zKD6OZo14BLSJr7ldwSRzNNYMtkLnNyFSYxAIrm9Y=

You can then use the output in the authorized_keys file on an OpenSSH box.
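The two conversions shown above, reimplemented as an added example (not part of the original post and not OpenSSH's own code) so the relationship between the formats is visible: both carry the same base64 key blob, so the fingerprint must be identical before and after conversion. The function names and the sample key are this example's own; the sample is constructed and is not a usable key.

```python
import base64, hashlib

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_type(blob):
    """Every SSH public-key blob starts with a length-prefixed algorithm name."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_ssh2(line):
    """Same direction as `ssh-keygen -e`: one-line key -> SSH2 block."""
    ktype, b64, *rest = line.split(None, 2)
    if key_type(base64.b64decode(b64, validate=True)) != ktype:
        raise ValueError("declared key type does not match the key blob")
    out = [BEGIN] + (['Comment: "%s"' % rest[0].strip()] if rest else [])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # 70 columns, as in the page's output
    return "\n".join(out + [END]) + "\n"

def ssh2_to_openssh(text):
    """Same direction as `ssh-keygen -i`: SSH2 block -> one-line key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers")
    body, continued = [], False
    for l in lines[1:-1]:
        if continued or ":" in l:         # header line; base64 never contains ':'
            continued = l.endswith("\\")  # a trailing backslash continues the header
        else:
            body.append(l)
    blob = base64.b64decode("".join(body), validate=True)
    return "%s %s" % (key_type(blob), base64.b64encode(blob).decode())

def fingerprints(openssh_line):
    """MD5 (colon-hex, the style shown on the page) and SHA256 of the key blob."""
    blob = base64.b64decode(openssh_line.split()[1])
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def _field(b):
    return len(b).to_bytes(4, "big") + b

# Constructed sample: ssh-dss layout (name, p, q, g, y) with dummy numbers, not a usable key.
SAMPLE = "ssh-dss %s user@example" % base64.b64encode(
    _field(b"ssh-dss") + b"".join(_field(bytes([i]) * 40) for i in (1, 2, 3, 4))).decode()

if __name__ == "__main__":
    print(openssh_to_ssh2(SAMPLE))
```

Comparing the fingerprint of the converted key with the fingerprint of the original is a quick check that the right key, and only that key, is about to be authorized.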

OpenSSH v2 -> SSH v2

On the OpenSSH box, create a DSA key via the following:

$ ssh-keygen -t dsa

Export the key into ssh.com v2 format:

$ ssh-keygen -e -f ~/.ssh/id_dsa.pub > newPubKey

Copy the converted ssh key to the ssh.com server

$ scp newPubKey server:.ssh2/id_dsa.pub

On the server, tell the ssh.com server that the public key is allowed:

$ echo "Key id_dsa.pub" >> ~/.ssh2/authorization

SSH v2 -> OpenSSH v2

On the ssh.com box, generate a DSA key:

$ ssh-keygen

Copy the generated key to the openssh box:

$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh

Convert the public key to openssh format and append to authorized_keys:

$ ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub >> ~/.ssh/authorized_keys

On the ssh.com box, set up the private key:

$ echo "IdKey id_dsa_1024_a" >> ~/.ssh2/identification

SSH v2 -> SSH v2

On the ssh.com client, generate a DSA key:

$ ssh-keygen

Copy the generated key to the server:

$ scp ~/.ssh2/id_dsa_1024_a.pub server:.ssh2

On the server, tell the ssh.com server that the public key is allowed:

$ echo "Key id_dsa_1024_a.pub" >> ~/.ssh2/authorization

On the ssh.com client, set up the private key:

$ echo "IdKey id_dsa_1024_a" >> ~/.ssh2/identification

OpenSSH v2 -> OpenSSH v2

On the OpenSSH box, create a DSA key via the following:

$ ssh-keygen -t dsa

Copy the ssh key to the server

$ scp ~/.ssh/id_dsa.pub server:.ssh/id_dsa.pub

Add the key to the authorized_keys file on the server

$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

  1. Vijay
    February 7, 2008 at 1:24 pm

    Hi,

    I have generated one public key using puttygen. It gave the key into the below format:

    ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBxmOOeYQ5NiRi9lW2js9iG1jaVCvVGIoJBncuSELq8ZSm3tUUWmMq6ak0GH1CkXe3iJH3hwTTCLCAUnQ6nhuD5oF1onaAvzxy2BQ5o4ehvmcero3McWmCGkFJ3nTXhg6psWNcdY9ICV3ymh6RE9qARSUazfCeUlGmLpPYqPAZP/V0Rfy9P5Cyz/Vfq0kRwq04duhO9+BunHI5fN9zTF34NBwWbcZjv9vrXnnyljfQLlvQBOELbI8KLuXNidNWXz6MFCmblsjExQPSC/L7OgfeEyDYafwEoLWnfC7NxsxFEWNRriwWLLLwu4LFPOabSY0Joy5Mnv67gbTo5ex4BaX5n =vijay

    When I import this key into some other system and after that I export the same key, it converts the key into RSA format, which is like below:

    MIIBHzANBgkqhkiG9w0BAQEFAAOCAQwAMIIBBwKCAQBxmOOeYQ5NiRi9lW2js9iG1jaVCvVGIoJBncuSELq8ZSm3tUUWmMq6ak0GH1CkXe3iJH3hwTTCLCAUnQ6nhuD5oF1onaAvzxy2BQ5o4ehvmcero3McWmCGkFJ3nTXhg6psWNcdY9ICV3ymh6RE9qARSUazfCeUlGmLpPYqPAZP/V0Rfy9P5Cyz/Vfq0kRwq04duhO9+BunHI5fN9zTF34NBwWbcZjv9vrXnnyljfQLlvQBOELbI8KLuXNidNWXz6MFCmblsjExQPSC/L7OgfeEyDYafwEoLWnfC7NxsxFEWNRriwWLLLwu4LFPOabSY0Joy5Mnv67gbTo5ex4BaX5nAgEl

    Now I want to convert this key into my old previous format.
    Please help me if you guys have any solution to it.

  2. February 27, 2008 at 8:11 pm

    Just copy back the original key that you created using puttygen.

  4. January 31, 2010 at 11:21 am

    good post thanks

  5. February 15, 2010 at 1:15 am

    good stuff, thanks for share, master….

  7. Mohan
    September 10, 2010 at 1:03 am

    Hi,
    I am using sftp from Unix to an AS400 server. When I try sftp from the Unix side it keeps prompting for a password. I have verified the public key and the permissions for .ssh and the authorized_keys file. When I run in debug mode I get the message below.
    Could you please help me solve this issue without it asking for a password?

    Thanks in advance

    $ sftp -v sshdusr@xxx.xxx.xxx.com
    Connecting to sshdusr@xxx.xxx.xxx.com
    OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
    debug1: Reading configuration data /usr/local/etc/ssh_config
    debug1: Connecting to xxx.xxx.xxx.com [122.191.202.24] port 22.
    debug1: Connection established.
    debug1: identity file /home/zediftp/.ssh/id_rsa type 1
    debug1: identity file /home/zediftp/.ssh/id_dsa type 2
    debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1
    debug1: match: OpenSSH_3.5p1 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'xxx.xxx.xxx.com' is known and matches the RSA host key.
    debug1: Found key in /home/zediftp/.ssh/known_hosts:62
    debug1: ssh_rsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/zediftp/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Offering public key: /home/zediftp/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: password
    sshdusr@xxx.xxx.xxx.com's password:

    • March 7, 2014 at 5:05 am

      Hi Mohan, could you please help me solve this issue without it asking for a password?

      I have the same problem.

      I need to find out how to transfer a file from AS400 to a Windows system via SFTP.
      My problem is that the connectivity is with user and password on the Windows side.

      Could you tell me how to solve the connectivity problem, as it is giving me the same error when authenticating with the password?

  8. January 15, 2011 at 8:57 pm

    hi,
    I am very glad to thank you for sharing this post. I also appreciate your work here. Nice blog.

  9. Matt
    January 23, 2011 at 10:15 am

    Thank you, this helped me out a lot. -Matt

  10. March 4, 2011 at 3:06 pm

    Nice and useful info. i will share with friends.

  11. Steve
    March 8, 2011 at 1:46 am

    Nice info! When copying the public key to a remote server, if you want to skip the steps of logging in twice, concatenating the key, then deleting it, you can do it all in one shot (for example):

    $ cat ~/.ssh/id_rsa.pub | ssh server ‘cat >> ~/.ssh/authorized_keys’

    (The command in single quotes is executed on the remote server without starting an interactive shell and can accept piped input.)

  12. Mike Laramie
    May 27, 2011 at 3:58 am

    Thanks for the info, this has been a huge help!

  13. ouyeah
    July 27, 2011 at 3:01 pm

    a m a z i n g help, thanks.

  14. August 3, 2011 at 1:16 am

    Steve :Nice info! When copying the public key to a remote server, if you want to skip the steps of logging in twice, concatenating the key, then deleting it, you can do it all in one shot (for example):
    $ cat ~/.ssh/id_rsa.pub | ssh server ‘cat >> ~/.ssh/authorized_keys’
    (The command in single quotes is executed on the remote server without starting an interactive shell and can accept piped input.)

    Note that the web page renders those single quotes as “smart quotes”, so just doing a copy-paste may not work as expected. 🙂

  15. kevin
    July 12, 2012 at 5:29 am

    Thanks!! you saved the day

  16. rob
    July 24, 2012 at 12:21 pm

    Sorry I am mac newbie and a beginner coder in Python 3 on a brand new mac machine I won in competition. Please help, haha just kidding, thanks bud

  17. Bertrand
    February 7, 2013 at 6:13 pm

    Thanks, was very useful for us

  18. June 23, 2013 at 8:05 pm

    I do believe in all the suggestions you’ve presented for the post. They’re extremely convincing and can certainly function. Nevertheless, the posts are very brief for newbies. May you please extend them a little from next time? Thank you for the publish.

  19. July 31, 2013 at 6:07 am

    I believe this is among the so much significant information for me.
    And i am satisfied studying your article. But want to statement on few
    common things, The site taste is perfect, the articles is in point
    of fact great : D. Excellent task, cheers

  20. Axel
    February 6, 2014 at 11:25 pm

    made my day 🙂

  21. January 22, 2016 at 9:21 pm

    came in handy, thanks.

  22. Tobias
    April 10, 2018 at 2:08 am

    THANKS!
