Public Key SSH

You should be familiar with the basics of public key authentication for ssh. Implementing it is actually pretty easy, and remarkably useful. However, connecting between OpenSSH servers (linux) and commercial SSH2 (not the SSH2 protocol, but the ssh2 program) servers (like the one on capone, and many older solaris machines) can be quirky. So we'll cover it here.

OpenSSH -> OpenSSH

Notation Note

In general, we will be connecting from local to remote. Replace those names with your machine (e.g., your unisysXX and engsoft (for openssh) or capone (for SSH2)). Also, this process will have to be done in two directions, so you can go from LOCAL->HOST and then back from HOST->LOCAL.

Setting it up

What we're doing How Where
1. Generate SSH Keys ssh-keygen -t dsa -f .ssh/id_dsa Local
2. Copy Public Key to the Remote Machine scp .ssh/ REMOTE: Local
3. Add Public Key to the list of keys cat >> .ssh/authorized_keys2 Remote
4. Set up permissions chmod 640 .ssh/authorized_keys2 Remote
You can now ssh from LOCAL to REMOTE without a password. Make sure never to let anyone get your private key file (keep permissions at 600). Public keys can (and should) be publically available.

This will work for the unisys machines, engsoft, remus or romulus (not both... figure out why), and most newer servers. For capone, you'll want to try the following procedures, too...

OpenSSH -> SSH2

From OpenSSH (unisys), to SSH2 (capone)

The assumption is that the above has already been done. Note that following the public key ideas, the public key from the unisys machine will be on capone. Since, however, SSH2 cannot read an OpenSSH key, we have to do a few tiny little changes first.
What we're doing How Where
1. Convert SSH Public Key ssh-keygen -e, then tell it where the public key is Local
2. Create the public key file on the SSH2 machine vi .ssh2/id_dsa.unisysXX, then paste it in. Use your number in place of XX Remote
3. Add Public Key to the list of keys echo "key id_dsa.unisysXX >> .ssh2/authorization Remote

SSH2 -> OpenSSH

Now, we'll need to generate a new set of keys on the SSH2 machine, and send its public key to the openssh machine. Again, we'll need to do some converting of the public key, this time to OpenSSH form.
What we're doing How Where
1. Create SSH Keys ssh-keygen -t dsa Local
2. Tell SSH2 who it is (don't ask) echo "idkey id_dsa_1024_a" >> .ssh2/identification Local
3. Set permissions chmod 600 .ssh2/idkey .ssh2/identification Local
4. Copy the public key to the OpenSSH machine scp .ssh/ REMOTE: Local
5. Convert the public key, and add it ssh-keygen -i -f >> .ssh/authorized_keys2 Remote
[TA Homepage | Course Homepage | Email Me | Contact Info]