[CentOS] Re: 2 SSH questions
Robert Moskowitz
rgm at htt-consult.com
Wed Jan 11 02:29:57 UTC 2006
I am using the OpenSSH ssh-keygen. From my Astaro usage, I know that
whatever I did works between Tectia client and OpenSSH server.
Yes, my pub key file does start with:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "My Network [2048-bit dsa
and that gets converted to a file without any <lf>s that starts with:
ssh-dss
so there seems to be some permissions challenge here?
At 06:10 PM 1/10/2006, Jay Leafey wrote:
>Robert Moskowitz wrote:
>>
>>Now I really believe I have something configured wrong....
>>On my Astaro firewall, I had to create everything manually. As it
>>does not have a Unix adduser or secure file upload.
>>So I followed my working 'instructions'.
>>I used:
>>/usr/bin/ssh-keygen -X -f ~/.ssh/identity.pub >> ~/.ssh/authorized_keys2
>>and that worked fine on astaro, but not here. So I changed
>>..._keys2 to ..._keys and no help.
>>Oh, identity.pub was created with:
>>cat > ~/.ssh/identity.pub
>><copy clipboard that has public key in it>
>>CNTL+D
>>Of course I don't know what the -X option does. My debian friend
>>gave me that command structure...
>
>The stuff from ssh.com (which I assume includes Tectia) used a
>different format for the key files. If you generated the keypair
>with Tectia (or commercial SSH) instead of OpenSSH, you'll need to
>convert the public key to the OpenSSH format. If you cat out an
>OpenSSH public keyfile, you should see a single line that starts
>with 'ssh-dsa' or 'ssh-rsa' (depending on the key type) followed by
>a long string of what appears to be MD5-encoded information.
>
>A SSH2 (or Tectia?) public key is a multi-line file containing the
>literal strings "---- BEGIN SSH2 PUBLIC KEY ----" and "---- END SSH2
>PUBLIC KEY ----", with the actual key information in-between.
>
>I think the -X option on ssh-keygen from SSH2/Tectia converts
>OpenSSH format keys to the SSH2 format. Looks like a "right church,
>wrong pew" sort of issue.
>
>If you generated your keypair with Tectia, copy the .pub file over
>to your Linux box and use ssh-keygen to convert it. If your public
>key was named "foo.pub", here's what you'd use to append it to your
>authorized_keys file:
>
> ssh-keygen -i -f foo.pub >> ~/.ssh/authorized_keys
>
>Make sure the permissions on the .ssh directory and its contents
>are appropriate. Make sure the whole tree is owned by the
>appropriate user, too! I usually set the .ssh directory perms to
>700 and the files in it to 600, but I'm a bit paranoid.
>
>ssh-keygen provided with the commercial version of SSH will convert
>the OpenSSH format to their format, too, so it's relatively easy to
>go either way. Check the Tectia manpages... oops, never mind:
>Windows! There's gotta be some docs for it SOMEWHERE.
>
>Converting the private half of the keypair is a little tougher, as a
>password-protected SSH2 key can't be read by either version of SSH's
>ssh-keygen. You'll have to remove the password protection from the
>private key in order to let the other SSH's version of ssh-keygen convert it.
>
>Hope that helps!
>--
>Jay Leafey - Memphis, TN
>jay.leafey at mindless.com