SSH host key based authentication with commercial ssh and openssh
Thanks to Reid for the kind words of guidance. This is the kind of stuff that needs to be blogged, so here it is ::
There are plenty of sites out there detailing how to set up public key based authentication using OpenSSH. That works fine and dandy until you need to connect to a machine running commericial, SSH.com SSH from a machine running OpenSSH — i.e. from my iBook to one of the servers at ECS.
First, generate a DSA or RSA key. The defaults should be adequate.
ssh-keygen -t rsa
Then, you need convert the OpenSSH generated public key to the IETF SECSH format, which SSH.com SSH uses. It will prompt you for the filename; you don’t specify it on the commandline.
ssh-keygen -e > ietf_pubkey
Then, sftp or scp this newly-created IETF key to your remote host.
ssh to the remote host, and in your ~/.ssh2 directory, create the file authorization.
Just add the line “key ietf_pubkey” (or whatever you called your IETF public key file).
Logout, and try logging back in—you should have success. Hurrah!
18 February 2004 |Funny, this. I just zapped my ibook's hard disk so had to generate new keys for all my accounts, and forgot how to do it. Thanks for posting the info, you saved me a couple of minutes.
Posted by: Reid at June 30, 2004 10:11 AMGreat post Dan! Now I can completely forget my ecs password without worry. Reid pointed me here when I was complaining about the failed 2 minutes I spent on this a week back. Thanks for doing the leg work for me.
- Phil
Posted by: Philip at December 4, 2005 8:42 PM