Public Key SSH

You should be familiar with the basics of public key authentication for ssh. Implementing it is actually pretty easy, and remarkably useful. However, connecting between OpenSSH servers (linux) and commercial SSH2 (not the SSH2 protocol, but the ssh2 program) servers (like the one on capone, and many older solaris machines) can be quirky. So we'll cover it here.

OpenSSH -> OpenSSH

Notation Note

In general, we will be connecting from local to remote. Replace those names with your machine (e.g., your unisysXX and engsoft (for openssh) or capone (for SSH2)). Also, this process will have to be done in two directions, so you can go from LOCAL->HOST and then back from HOST->LOCAL.

Setting it up

What we're doing	How	Where
1. Generate SSH Keys	ssh-keygen -t dsa -f .ssh/id_dsa	Local
2. Copy Public Key to the Remote Machine	scp .ssh/id_dsa.pub REMOTE:	Local
3. Add Public Key to the list of keys	cat id_dsa.pub >> .ssh/authorized_keys2	Remote
4. Set up permissions	chmod 640 .ssh/authorized_keys2	Remote

You can now ssh from LOCAL to REMOTE without a password. Make sure never to let anyone get your private key file (keep permissions at 600). Public keys can (and should) be publically available.

This will work for the unisys machines, engsoft, remus or romulus (not both... figure out why), and most newer servers. For capone, you'll want to try the following procedures, too...

OpenSSH -> SSH2

From OpenSSH (unisys), to SSH2 (capone)

The assumption is that the above has already been done. Note that following the public key ideas, the public key from the unisys machine will be on capone. Since, however, SSH2 cannot read an OpenSSH key, we have to do a few tiny little changes first.

What we're doing	How	Where
1. Convert SSH Public Key	ssh-keygen -e, then tell it where the public key is	Local
2. Create the public key file on the SSH2 machine	vi .ssh2/id_dsa.unisysXX, then paste it in. Use your number in place of XX	Remote
3. Add Public Key to the list of keys	echo "key id_dsa.unisysXX >> .ssh2/authorization	Remote

Done.

SSH2 -> OpenSSH

Now, we'll need to generate a new set of keys on the SSH2 machine, and send its public key to the openssh machine. Again, we'll need to do some converting of the public key, this time to OpenSSH form.

What we're doing	How	Where
1. Create SSH Keys	ssh-keygen -t dsa	Local
2. Tell SSH2 who it is (don't ask)	echo "idkey id_dsa_1024_a" >> .ssh2/identification	Local
3. Set permissions	chmod 600 .ssh2/idkey id_dsa_1024_a.pub .ssh2/identification	Local
4. Copy the public key to the OpenSSH machine	scp .ssh/id_dsa_1024_a.pub REMOTE:	Local
5. Convert the public key, and add it	ssh-keygen -i -f id_dsa_1024_a.pub >> .ssh/authorized_keys2	Remote

Enjoy.

[TA Homepage | Course Homepage | Email Me | Contact Info]