How to make SSH2 work with OpenSSH

The commercial version of SSH2 uses a different public key format than OpenSSH. This guide shows how to make the two interoperate using public key authentication.

a. OpenSSH server and SSH2 client
Suppose you already generated an RSA2 key pair on your SSH2 client machine, and the public key is stored at ~/.ssh2/id_rsa_1024_a.pub. The following procedure applies to DSA key pairs too.

  1. Copy your SSH2 public key from your SSH2 client machine to your OpenSSH server like:
    scp ~/.ssh2/id_rsa_1024_a.pub server:.ssh/rsa_ssh2.pub

    If you can’t copy the public key because password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

  2. Run the OpenSSH version of ssh-keygen on the server to convert the SSH2 public key into the format needed by OpenSSH:
    ssh-keygen -i -f ~/.ssh/rsa_ssh2.pub > ~/.ssh/rsa_openssh.pub
  3. Append this newly generated OpenSSH public key to your authorization file on the server:
    cat ~/.ssh/rsa_openssh.pub >> ~/.ssh/authorized_keys2
  4. Once this is done, the .pub files you created are no longer needed so you can remove them if you like.

Now your SSH2 client should be able to connect to the OpenSSH server with public key authentication.

b. SSH2 server and OpenSSH client
By default, the DSA public key of your OpenSSH client is stored at ~/.ssh/id_dsa.pub.

  1. Run the OpenSSH version of ssh-keygen on the OpenSSH client machine to convert the OpenSSH public key into the format needed by SSH2:
    ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/dsa_ssh2.pub
  2. Copy this SSH2 public key to your .ssh2 directory on the SSH2 server:
    scp ~/.ssh/dsa_ssh2.pub server:.ssh2/dsa_ssh2.pub

    If you can’t copy the public key because password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

  3. Add this new public key to the authorization file on the server:
    echo Key dsa_ssh2.pub >> ~/.ssh2/authorization
  4. Once this is done, the temporary .pub file you created on the OpenSSH client is no longer needed so you can remove it. DO NOT remove the .pub file you just copied to the SSH2 server.

Now your OpenSSH client should be able to connect to the SSH2 server with DSA public key authentication.
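The two conversions in sections a and b only rewrap the same key blob, so a fingerprint taken before and after must match; this is worth checking when the key travelled by email. The sketch below is an added example, not code from the original post: it re-implements the format change in Python for illustration (use ssh-keygen for real keys), and the key it builds is a constructed sample, not a usable RSA key.

```python
import base64, hashlib, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh2_to_openssh(text):
    """RFC 4716 (SSH2) public key -> OpenSSH one-line form, as `ssh-keygen -i` does."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 (RFC 4716) public key")
    body, in_header = [], False
    for line in lines[1:-1]:
        if in_header or ":" in line:      # header (e.g. Comment:), may continue with "\"
            in_header = line.endswith("\\")
            continue
        body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed key type
    return f"{blob[4:4 + n].decode('ascii')} {base64.b64encode(blob).decode()}"

def openssh_to_ssh2(line, comment):
    """OpenSSH one-line public key -> RFC 4716 form, as `ssh-keygen -e` does."""
    b64 = line.split()[1]
    base64.b64decode(b64, validate=True)  # reject malformed input early
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join([BEGIN, f'Comment: "{comment}"', *body, END]) + "\n"

def fingerprint(line):
    """SHA256 fingerprint of an OpenSSH one-line key, in the style `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_key():
    """Constructed ssh-rsa blob: real wire layout, but the modulus is NOT a real one."""
    def s(b): return struct.pack(">I", len(b)) + b
    def mpint(v): return s(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    n = int.from_bytes(hashlib.sha512(b"constructed").digest() * 2, "big") | (1 << 1023) | 1
    blob = s(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    original = sample_key()
    ssh2 = openssh_to_ssh2(original, "constructed sample key")
    print(ssh2)
    restored = ssh2_to_openssh(ssh2)
    print(fingerprint(original), fingerprint(restored), sep="\n")
```

If the fingerprint of the converted key on the server differs from the one computed on the client, do not append the key to the authorization file.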

  1. May 14, 2009 at 2:29 am

    Very nice article. I did intense googling for this information. Your article was clear and concise and very helpful.

    Thank You
    IGotAName

  2. anonymous
    June 3, 2009 at 4:59 am

    Exactly the information I needed, thanks for posting it.

  3. Vanessa G.
    June 17, 2009 at 12:59 am

    Thanks a lot, very clear and exactly what I need. Greetings from Mexico!

  4. Roland
    November 17, 2009 at 5:19 pm

    Exactly what I was looking for but it does not work in either direction for me.
    SSH versions are:
    Sun_SSH_1.1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    F-Secure SSH 2.4.0 (build 14) on i686-pc-linux-gnu
    Any ideas?

  5. Wajid M.
    August 17, 2010 at 1:23 pm

    Very clear steps, thanks. I am using the id_rsa.pub key, converted to id_rsa_ssh2.pub and placed localhost_id_rsa_ssh2.pub file and entry ‘key localhost_id_rsa_ssh2.pub’ in file ‘authorization’ under ~/.ssh2 on remote ssh2 server, still get the publickey denied error.

    Any ideas? Also does using ssh command on client invoke ssh2 on remote server?

  6. Neha
    April 17, 2014 at 10:36 pm

    Thanks very much. Very clear and helpful.
