I am using the openssh ssh-keygen. From my astaro usage, I know that whatever I did works between tectia client and openssh server.

Yes, my pub key file does start with:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "My Network [2048-bit dsa

and that gets converted to a file without any <lf>s that starts with:

ssh-dss

so there seems to be some permissions challenge here?

At 06:10 PM 1/10/2006, Jay Leafey wrote:
>Robert Moskowitz wrote:
>>
>>Now I really believe I have something configured wrong....
>>On my Astaro firewall, I had to create everything manually. As it
>>does not have a Unix adduser or secure file upload.
>>So I followed my working 'instructions'.
>>I used:
>>/usr/bin/ssh-keygen -X -f ~/.ssh/identity.pub >> ~/.ssh/authorized_keys2
>>and that worked fine on astaro, but not here. So I changed
>>..._keys2 to ..._keys and no help.
>>Oh, identity.pub was created with:
>>cat > ~/.ssh/identity.pub
>><copy clipboard that has public key in it>
>>CNTL+D
>>Of course I don't know what the -X option does. My debian friend
>>gave me that command structure...
>
>The stuff from ssh.com (which I assume includes Tectia) used a
>different format for the key files. If you generated the keypair
>with Tectia (or commercial SSH) instead of OpenSSH, you'll need to
>convert the public key to the OpenSSH format. If you cat out an
>OpenSSH public keyfile, you should see a single line that starts
>with 'ssh-dsa' or 'ssh-rsa' (depending on the key type) followed by
>a long string of what appears to be MD5-encoded information.
>
>A SSH2 (or Tectia?) public key is a multi-line file containing the
>literal strings "---- BEGIN SSH2 PUBLIC KEY ----" and "---- END SSH2
>PUBLIC KEY ----", with the actual key information in-between.
>
>I think the -X option on ssh-keygen from SSH2/Tectia converts
>OpenSSH format keys to the SSH2 format. Looks like a "right church,
>wrong pew" sort of issue.
>
>If you generated your keypair with Tectia, copy the .pub file over
>to your Linux box and use ssh-keygen to convert it. If your public
>key was named "foo.pub", here's what you'd use to append it to your
>authorized_keys file:
>
>    ssh-keygen -i -f foo.pub >> ~/.ssh/authorized_keys
>
>Make sure the permissions on the .ssh directory and its contents
>are appropriate. Make sure the whole tree is owned by the
>appropriate user, too! I usually set the .ssh directory perms to
>700 and the files in it to 600, but I'm a bit paranoid.
>
>ssh-keygen provided with the commercial version of SSH will convert
>the OpenSSH format to their format, too, so it's relatively easy to
>go either way. Check the Tectia manpages... oops, never mind:
>Windows! There's gotta be some docs for it SOMEWHERE.
>
>Converting the private half of the keypair is a little tougher, as a
>password-protected SSH2 key can't be read by either version of SSH's
>ssh-keygen. You'll have to remove the password protection from the
>private key in order to let the other SSH's version of ssh-keygen convert it.
>
>Hope that helps!
>--
>Jay Leafey - Memphis, TN
>jay.leafey at mindless.com