Re: ssh2 <--> openssh public key authentication

Mon, 02 Apr 2001 09:33:57 -0500 

On Sun, Apr 01, 2001 at 01:01:08PM +1000, Brian May wrote:
>     Rob> Hello, I am trying to set up public-key authentication
>     Rob> between a SunOS box ("larry") running ssh2 and a dialup
>     Rob> Debian box ("peon") running potato with OpenSSH 1:2.5.2p2-1
>     Rob> compiled from sid.  From larry, the SunOS box, I can do "ssh
>     Rob> peon" without being prompted for a password; however, running
>     Rob> "ssh larry" from peon requires a password.
> 
> I am trying to do the same thing... (where did you find this
> documented?  I looked but couldn't find anything.)

The ssh (by which I mean Debian's openssh, not ssh1) and ssh2 man
pages both describe how to set up public-key authentication among like
systems; ssh-keygen(1) describes how to create ssh1 and ssh2 keys from
ssh keys and vice-versa.

> I tried: [to create ssh2 key from ssh1 key and] failed
> 
> and:
> 
> [562] [snoopy:bam] ~/.ssh >ssh-keygen -t dsa         
> [successful creation]
> [566] [snoopy:bam] ~/.ssh >ssh-keygen -f id_dsa.pub  -x
> Enter passphrase: 
> load failed

I can't run this command on the public key, but I can on the private
key (id_dsa instead of id_dsa.pub).  I think this is the correct
behavior, if you ponder it a little.

[~/.ssh]
08:24 $ ssh-keygen -f id_dsa.pub  -x
Enter passphrase: 
load failed
[~/.ssh]
08:25 $ ssh-keygen -f id_dsa  -x
---- BEGIN SSH2 PUBLIC KEY ----
...

> maybe I missed up the build-dependencies, when I rebuilt the latest
> unstable version for potato, but I don't think so...
> 
[only differences posted]
> ii  libssl096-dev  0.9.6-1        SSL development libraries
> ii  libgnome-dev   1.2.11-ximian. The Gnome libraries -- development package
> ii  libssl096-dev  0.9.6-1        SSL development libraries

I have:
ii  libssl096-dev  0.9.6-0.potato SSL development libraries
ii  libgnome-dev   1.0.56-3       The Gnome libraries -- development package
ii  libssl096-dev  0.9.6-0.potato SSL development libraries

but I doubt these are significant differences.

> Also ssh -v -v -v gives a number of strange errors:
> 
> debug3: Bad RSA1 key file /home/bam/.ssh/id_dsa.
[...]
> so it looks like that ssh-keygen is creating the key in the wrong
> format.

id_dsa isn't an RSA1 key file.  Try using ssh -2 or putting "Protocol
2,1" in your .ssh/config.

Let me know if this helps or if you need more info.

Rob

-- 
There are no games on this system.

Reply via email to