SSH Keys, the Easy Way


Quick Overview

You should be familiar with the basics of public key authentication for ssh. Implementing it is actually pretty easy, and remarkably useful. However, connecting between OpenSSH servers (linux) and commercial SSH2 (not the SSH2 protocol, but the ssh2 program) servers (like the one on many older solaris machines) can be quirky. So we’ll cover it here.

OpenSSH -> OpenSSH

Notation Note

In general, we will be connecting from local to remote. Replace those names with your machine (e.g., in this example, the local machine is breeze, and the remote machine is mikeage.net). Also note that this process will have to be done in two directions, so you can go from LOCAL->HOST and then back from HOST->LOCAL.

Setting it up

What we’re doing How Where
1. Generate SSH Keys ssh-keygen -t dsa -f .ssh/id_dsa breeze
2. Copy Public Key to the Remote Machine scp .ssh/id_dsa.pub mikeage.net: breeze
3. Add Public Key to the list of keys cat id_dsa.pub >> .ssh/authorized_keys2 mikeage.net
4. Set up permissions chmod 640 .ssh/authorized_keys2 mikeage.net

You can now ssh from breeze to mikeage.net without a password. Make sure never to let anyone get your private key file (keep permissions at 600). Public keys can (and should) be publically available.

OpenSSH -> SSH2

From OpenSSH (breeze), to SSH2 (solaris.mikeage.net)

The assumption is that the above has already been done. Note that following the public key ideas, the public key from breeze will be on solaris.mikeage.net. Since, however, SSH2 cannot read an OpenSSH key, we have to do a few tiny little changes first.

What we’re doing How Where
1. Convert SSH Public Key ssh-keygen -e, then tell it where the public key is breeze
2. Create the public key file on the SSH2 machine vi .ssh2/id_dsa.breeze, then paste it in. mikeage.net
3. Add Public Key to the list of keys echo “key id_dsa.breeze” >> .ssh2/authorization mikeage.net

Done.

SSH2 -> OpenSSH

From SSH2 (mikeage.net), to OpenSSH2 (breeze)

Now, we’ll need to generate a new set of keys on the SSH2 machine, and send its public key to the openssh machine. Again, we’ll need to do some converting of the public key, this time to OpenSSH form.

Note that I recently updated this section to make it a little clearer.

What we’re doing How Where
1. Create SSH Keys ssh-keygen -t dsa mikeage.net
2. Tell SSH2 who it is (don’t ask) echo “idkey id_dsa_1024_a” >> .ssh2/identification mikeage.net
3. Set permissions chmod 600 .ssh2/idkey id_dsa_1024_a.pub .ssh2/identification mikeage.net
4. Copy the public key to the OpenSSH machine scp .ssh/id_dsa_1024_a.pub breeze: mikeage.net
5. Convert the public key, and add it ssh-keygen -i -f id_dsa_1024_a.pub >> .ssh/authorized_keys2 breeze

Enjoy.


One response to “SSH Keys, the Easy Way”

Leave a Reply

Your email address will not be published. Required fields are marked *