Generating an OpenSSH Public Key and Converting it to SecSh Format

Introduction

Whilst reviewing access requirements at a number of sites, we’ve found the need to make several different implementations of SSH clients and servers interoperate successfully.

This document outlines how to convert keys between OpenSSH, SSH.com (F-Secure), Sun SSH, and PuTTY implementations, using a DSA key for our examples, and also illustrates basic server-side setup for key-based authentication.

Connect to SSH.com server

1) Convert key to correct format:

OpenSSH/Sun SSH – Use ssh-keygen to export from native format to SECSH format:

ssh-keygen -e -f ~user/.ssh/id_dsa.pub > id_dsa_secsh.pub   # OpenSSH
ssh-keygen -x -f ~user/.ssh/id_dsa > id_dsa_secsh.pub       # Sun SSH

* Note that Sun SSH requires the private key as input, whereas OpenSSH can convert directly from a public key to SECSH format.

(PuTTY and SSH.com clients use the SECSH format natively, so no conversion is required.)

2) Paste the SECSH key into a file of the same name on the server, located in the .ssh2 directory of the user in question, or copy it with scp using password authentication:

scp id_dsa_secsh.pub user@target:/home/user/.ssh2/id_dsa_secsh.pub

3) Create or amend the file ~user/.ssh2/authorization on the server to include information on the new key:

echo "key id_dsa_secsh.pub" >> ~user/.ssh2/authorization

4) DSA authentication should now be possible.

Connect to OpenSSH and Sun SSH servers

1) Convert key to correct format:

PuTTY – Use the puttygen.exe tool to import the SECSH-formatted file, and copy the OpenSSH-compatible data from the Key window.

SSH.com – Use either Sun’s or OpenSSH’s ssh-keygen to convert from SECSH format:

ssh-keygen -i -f id_dsa_secsh.pub > id_dsa.pub   # OpenSSH
ssh-keygen -X -f id_dsa_secsh.pub > id_dsa.pub   # Sun SSH

2) Paste the DSA key into ~user/.ssh/authorized_keys on the server.

3) DSA authentication should now be possible.
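
What the two conversions above actually change, as an added example that is not part of the original post or of any SSH implementation: the SECSH file (RFC 4716) carries the same base64 key blob as the one-line OpenSSH file, only wrapped and framed, so the fingerprint must be identical before and after conversion. The sample key is a constructed ssh-dss blob with dummy numbers, and the function names are assumptions of this sketch.

```python
import base64, hashlib, struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def blob_type(blob):
    """Key type named inside the blob (its first length-prefixed string)."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def fingerprint(b64):
    """SHA256 fingerprint of the key blob, formatted as ssh-keygen -l prints it."""
    digest = hashlib.sha256(base64.b64decode(b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def openssh_to_secsh(line):
    """What `ssh-keygen -e` does: one-line OpenSSH key -> SECSH block."""
    ktype, b64, *rest = line.split(None, 2)
    if blob_type(base64.b64decode(b64, validate=True)) != ktype:
        raise ValueError("key type label does not match key blob")
    out = [BEGIN]
    if rest:
        out.append('Comment: "%s"' % rest[0].strip())
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # wrap body lines
    return "\n".join(out + [END]) + "\n"

def secsh_to_openssh(text):
    """What `ssh-keygen -i` does: SECSH block -> one-line OpenSSH key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SECSH begin/end markers")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:  # header line or its continuation
            in_header = l.endswith("\\")
        else:
            body.append(l)
    blob = base64.b64decode("".join(body), validate=True)
    return "%s %s" % (blob_type(blob), base64.b64encode(blob).decode())

# Constructed sample: structurally valid ssh-dss blob with dummy numbers, not a real key.
def _s(b):
    return struct.pack(">I", len(b)) + b
SAMPLE_B64 = base64.b64encode(_s(b"ssh-dss") + b"".join(_s(bytes([i]) * 20) for i in (1, 2, 3, 4))).decode()
SAMPLE_LINE = "ssh-dss %s user@host" % SAMPLE_B64

if __name__ == "__main__":
    secsh = openssh_to_secsh(SAMPLE_LINE)
    restored = secsh_to_openssh(secsh)
    print(secsh + restored)
    print(fingerprint(SAMPLE_B64) == fingerprint(restored.split()[1]))
```

Comparing the fingerprint of the converted file with that of the original before adding it to authorization or authorized_keys confirms that the key installed on the server is the one that was exported.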
