Robert Moskowitz wrote:
Now I really believe I have something configured wrong....
On my Astaro firewall, I had to create everything manually, as it does not have a Unix adduser or secure file upload.
So I followed my working 'instructions'.
I used:
/usr/bin/ssh-keygen -X -f ~/.ssh/identity.pub >> ~/.ssh/authorized_keys2
and that worked fine on Astaro, but not here. So I changed ..._keys2 to ..._keys and no help.
Oh, identity.pub was created with:
cat > ~/.ssh/identity.pub
<copy clipboard that has public key in it> CNTL+D
Of course I don't know what the -X option does. My debian friend gave me that command structure...
The stuff from ssh.com (which I assume includes Tectia) used a different format for the key files. If you generated the keypair with Tectia (or commercial SSH) instead of OpenSSH, you'll need to convert the public key to the OpenSSH format. If you cat out an OpenSSH public keyfile, you should see a single line that starts with 'ssh-dsa' or 'ssh-rsa' (depending on the key type) followed by a long string of what appears to be MD5-encoded information.
An SSH2 (or Tectia?) public key is a multi-line file containing the literal strings "---- BEGIN SSH2 PUBLIC KEY ----" and "---- END SSH2 PUBLIC KEY ----", with the actual key information in-between.
I think the -X option on ssh-keygen from SSH2/Tectia converts OpenSSH format keys to the SSH2 format. Looks like a "right church, wrong pew" sort of issue.
If you generated your keypair with Tectia, copy the .pub file over to your Linux box and use ssh-keygen to convert it. If your public key was named "foo.pub", here's what you'd use to append it to your authorized_keys file:
ssh-keygen -i -f foo.pub >> ~/.ssh/authorized_keys
Make sure the permissions on the .ssh directory and its contents are appropriate. Make sure the whole tree is owned by the appropriate user, too! I usually set the .ssh directory perms to 700 and the files in it to 600, but I'm a bit paranoid.
ssh-keygen provided with the commercial version of SSH will convert the OpenSSH format to their format, too, so it's relatively easy to go either way. Check the Tectia manpages... oops, never mind: Windows! There's gotta be some docs for it SOMEWHERE.
Converting the private half of the keypair is a little tougher, as a password-protected SSH2 key can't be read by either version of SSH's ssh-keygen. You'll have to remove the password protection from the private key in order to let the other SSH's version of ssh-keygen convert it.
Hope that helps!