[CentOS] Re: 2 SSH questions

Wed Jan 11 02:29:57 UTC 2006
Robert Moskowitz <rgm at htt-consult.com>

I am using the OpenSSH ssh-keygen.  From my Astaro usage, I know that 
whatever I did works between tectia client and openssh server.

Yes, my pub key file does start with:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "My Network [2048-bit dsa

and that gets converted to a file without any <lf>s that starts with:

ssh-dss

so there seems to be some permissions challenge here?

At 06:10 PM 1/10/2006, Jay Leafey wrote:
>Robert Moskowitz wrote:
>>
>>Now I really believe I have something configured wrong....
>>On my Astaro firewall, I had to create everything manually.  As it 
>>does not have a Unix adduser or secure file upload.
>>So I followed my working 'instructions'.
>>I used:
>>/usr/bin/ssh-keygen -X -f ~/.ssh/identity.pub >> ~/.ssh/authorized_keys2
>>and that worked fine on astaro, but not here.  So I changed 
>>..._keys2 to ..._keys and no help.
>>Oh, identity.pub was created with:
>>cat > ~/.ssh/identity.pub
>><copy clipboard that has public key in it>
>>CNTL+D
>>Of course I don't know what the -X option does.  My debian friend 
>>gave me that command structure...
>
>The stuff from ssh.com (which I assume includes Tectia) used a 
>different format for the key files.  If you generated the keypair 
>with Tectia (or commercial SSH) instead of OpenSSH, you'll need to 
>convert the public key to the OpenSSH format.  If you cat out an 
>OpenSSH public keyfile, you should see a single line that starts 
>with 'ssh-dsa' or 'ssh-rsa' (depending on the key type) followed by 
>a long string of what appears to be MD5-encoded information.
>
>A SSH2 (or Tectia?) public key is a multi-line file containing the 
>literal strings "---- BEGIN SSH2 PUBLIC KEY ----" and "---- END SSH2 
>PUBLIC KEY ----", with the actual key information in-between.
>
>I think the -X option on ssh-keygen from SSH2/Tectia converts 
>OpenSSH format keys to the SSH2 format.  Looks like a "right church, 
>wrong pew" sort of issue.
>
>If you generated your keypair with Tectia, copy the .pub file over 
>to your Linux box and use ssh-keygen to convert it.  If your public 
>key was named "foo.pub", here's what you'd use to append it to your 
>authorized_keys file:
>
>     ssh-keygen -i -f foo.pub >> ~/.ssh/authorized_keys
>
>Make sure the permissions on the .ssh directory and its contents 
>are appropriate.  Make sure the whole tree is owned by the 
>appropriate user, too!  I usually set the .ssh directory perms to 
>700 and the files in it to 600, but I'm a bit paranoid.
>
>ssh-keygen provided with the commercial version of SSH will convert 
>the OpenSSH format to their format, too, so it's relatively easy to 
>go either way.  Check the Tectia manpages... oops, never mind: 
>Windows!  There's gotta be some docs for it SOMEWHERE.
>
>Converting the private half of the keypair is a little tougher, as a 
>password-protected SSH2 key can't be read by either version of SSH's 
>ssh-keygen.  You'll have to remove the password protection from the 
>private key in order to let the other SSH's version of ssh-keygen convert it.
>
>Hope that helps!
>--
>Jay Leafey - Memphis, TN
>jay.leafey at mindless.com
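
An added example, not part of the original thread: a Python sketch of the format change that `ssh-keygen -i` performs on an SSH2-format public key, plus a check for the 700/600 permissions suggested in the reply. The function names and the sample key are constructed for illustration.

```python
import base64, os, stat, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh2_to_openssh(text):
    """Turn a multi-line SSH2-format public key into one OpenSSH line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2-format public key")
    body, in_header = [], False
    for line in lines[1:-1]:
        # Headers ("Comment: ...") contain ':'; a trailing '\' continues them.
        if in_header or ":" in line:
            in_header = line.endswith("\\")
            continue
        body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed key type such as "ssh-dss".
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    return f"{key_type} {base64.b64encode(blob).decode()}"

def loose_permissions(ssh_dir):
    """List paths in ssh_dir with any group/other bits (looser than 700/600)."""
    paths = [ssh_dir] + [os.path.join(ssh_dir, f) for f in sorted(os.listdir(ssh_dir))]
    return [p for p in paths if stat.S_IMODE(os.stat(p).st_mode) & 0o077]

def sample_ssh2_key():
    # Constructed sample: key-type string plus filler bytes, not a real key.
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(60))
    b64 = base64.b64encode(blob).decode()
    wrapped = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    header = 'Comment: "constructed sample key, \\\nnot a real one"'
    return "\n".join([BEGIN, header, *wrapped, END]) + "\n"

if __name__ == "__main__":
    print(ssh2_to_openssh(sample_ssh2_key()))
```

Feeding it a file that is already in the one-line OpenSSH form raises `ValueError`, which is a quick way to tell which of the two formats a given `.pub` file is in.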