Posts Tagged ‘OpenSSH’

Using OpenSSH keys with Server

February 27, 2008 Leave a comment

You can determine which versions of the ssh protocol an ssh server supports by examining the service banner. The service banner includes both the remote protocol version and the remote software version.

telnet ssh_server 22

SSH-1.5-remote_software_version (supports ssh protocol 1 only)
SSH-1.99-remote_software_version (supports ssh protocols 1 and 2)
SSH-2.0-remote_software_version (supports ssh protocol 2 only)

ssh protocol 2:

1. Create a DSA or RSA key named foo. As of version 3.0 of the server includes support for RSA keys.
$ cd ~/.ssh
$ ssh-keygen -t dsa -f foo

2. Convert the DSA or RSA key into “SECSH Public Key File Format,” the format used on an server.
$ ssh-keygen -e -f foo >

3. Copy the file to the server.
$ scp user@ssh.com_host:.ssh2

If the remote server only allows ssh protocol 2, you may receive the following errors:

scp: warning: Executing scp1 compatibility.
scp: FATAL: Executing ssh1 in compatibility mode failed (Check that scp1 is in your PATH).
lost connection

Use sftp instead to transfer the key:

$ sftp user@ssh.com_host
put .ssh2

4. Add the appropriate ~/.ssh2/authorization file entry in the server.
$ ssh user@ssh.com_host ‘echo “key” >> .ssh2/authorization’

5. Login to the server using the foo identity.
$ ssh -o IdentityFile2=~/.ssh/foo user@ssh.com_host

ssh protocol 1:

1. Create an RSA1 key.
$ cd ~/.ssh
$ ssh-keygen -t rsa1

2. Append the ~/.ssh/ file to the ~/.ssh/authorized_keys file on the server.
$ cat ~/.ssh/ | ssh remote_server “cat – >> ~/.ssh/authorized_keys”

Note: Any server only allowing ssh protocol 1 should be upgraded, as usage of ssh protocol 1 itself is not recommended.


SSH: Convert OpenSSH to SSH2 and vise versa

December 14, 2007 32 comments

Connecting two server running different type of SSH can be nightmare if you does not know how to convert the key. In this tutorial, I will try to explain on how to convert the public key from OpenSSH to SSH2 and SSH2 to OpenSSH. To convert the key, it must be done in OpenSSH server.

Convert OpenSSH key to SSH2 key

  • Run the OpenSSH version of ssh-keygen on your OpenSSH public key to convert it into the format needed by SSH2 on the remote machine. This must be done on the system running OpenSSH.
    #ssh-keygen -e -f ~/.ssh/ > ~/.ssh/

Convert SSH2 key to OpenSSH key

  • Run the OpenSSH version of ssh-keygen on your ssh2 public key to convert it into the format needed by OpenSSH. This needs to be done on the system running OpenSSH.
    #ssh-keygen -i -f ~/.ssh/ > ~/.ssh/

Read more…

SSH/SSH2 Password-less Authentication

October 17, 2007 11 comments

A great little guide to setting up two accounts so that you don’t have to type in your password when sshing between them. btw, OS X uses OpenSSH. I don’t know what it is for other platforms.

Basic Idea

No-password authentication works because of public key crypto. Let’s say you have a local machine Ooga and a remote machine Booga. You want to be able to ssh from Ooga to Booga without having to enter your password. First you generate a public/private RSA key pair on Ooga. Then you send your public key to Booga, so that Booga knows that Ooga’s key belongs to a list of authorized keys. Then when you try to ssh fromOoga to Booga, RSA authentication is performed automagically.

Here are detailed steps on how to do this.

NOTE: The following examples and scenarios assume you are creating only a single key, e.g. one RSA key or one DSA key. If it turns out that you’ve created both keys on your (client) system, then you will need to send both of them to the SSH/SSH2 server; otherwise, you may still be asked to enter a passphrase. Read more…

How to make SSH2 work with OpenSSH

October 17, 2007 6 comments

The commercial version of SSH2 uses a different key format than the OpenSSH. This guide shows how to make them inter-operate with each other with public key authentication. Read more…

%d bloggers like this: