from dc to light : Archives : February 2004

SSH host key based authentication with commercial ssh and openssh

Thanks to Reid for the kind words of guidance. This is the kind of stuff that needs to be blogged, so here it is ::

There are plenty of sites out there detailing how to set up public key based authentication using OpenSSH. That works fine and dandy until you need to connect to a machine running commericial, SSH.com SSH from a machine running OpenSSH — i.e. from my iBook to one of the servers at ECS.

First, generate a DSA or RSA key. The defaults should be adequate.
ssh-keygen -t rsa

Then, you need convert the OpenSSH generated public key to the IETF SECSH format, which SSH.com SSH uses. It will prompt you for the filename; you don’t specify it on the commandline.
ssh-keygen -e > ietf_pubkey

Then, sftp or scp this newly-created IETF key to your remote host.

ssh to the remote host, and in your ~/.ssh2 directory, create the file authorization.

Just add the line “key ietf_pubkey” (or whatever you called your IETF public key file).

Logout, and try logging back in—you should have success. Hurrah!

18 February 2004 | | Comments (2)