SSH keys between ssh.com and openssh’s clients

Introduction
I have two machines I wish to work between using ssh and public keys. One machine is running Solaris 8 with SSH from the commercial ssh.com and the other machine is a newly installed Linux machine running OpenSSH. The problem is that they have different key types and these keys need to be converted.

For those who are not familiar with SSH keys, a key pair can be created by running the following command (this works for both OpenSSH and ssh.com):

ssh-keygen -t dsa

The keys will be located in the folder .ssh/ on an OpenSSH machine and in .ssh2/ on a machine running ssh.com.

Converting the keys
Conversion in both directions, to and from ssh.com's format, needs to be done on the machine running OpenSSH, since only the ssh-keygen from OpenSSH can do it.

  • From OpenSSH to ssh.com (id_dsa.pub is an OpenSSH key)
    tjansson@dirac:~/.ssh$ ssh-keygen -e -f id_dsa.pub > id_dsa_sshcom.pub
  • From ssh.com to OpenSSH (id_dsa_2048_a.pub is a ssh.com key)
    tjansson@dirac:~/.ssh$ ssh-keygen -i -f id_dsa_2048_a.pub > id_dsa_openssh.pub
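What the two conversions above change is only the wrapper around the key: the base64 key blob is identical in both files. The sketch below is an added example, not part of the original post and not OpenSSH's code; it assumes the ssh.com public key file is the RFC 4716 "SSH2 PUBLIC KEY" block that ssh-keygen -e and -i handle by default, and it uses a constructed placeholder blob rather than a real key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _s(b):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

# Constructed sample: shaped like an ssh-dss blob (p, q, g, y) but not a real key.
SAMPLE_BLOB = (_s(b"ssh-dss") + _s(b"\x00\xff" * 40) + _s(b"\x01" * 20)
               + _s(b"\x02" * 80) + _s(b"\x03" * 80))
SAMPLE = "ssh-dss %s tjansson@dirac" % base64.b64encode(SAMPLE_BLOB).decode()

def blob_key_type(blob):
    """Algorithm name stored as the first length-prefixed string of the blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def openssh_to_sshcom(line):
    """One-line OpenSSH public key -> RFC 4716 block (the direction of `ssh-keygen -e`)."""
    parts = line.split(None, 2)
    ktype, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    if blob_key_type(blob) != ktype:
        raise ValueError("key type prefix does not match key blob")
    out = [BEGIN]
    if len(parts) == 3:
        out.append('Comment: "%s"' % parts[2].strip())
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]  # lines stay <= 72 bytes
    return "\n".join(out + [END]) + "\n"

def sshcom_to_openssh(text):
    """RFC 4716 block -> one-line OpenSSH public key (the direction of `ssh-keygen -i`)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an SSH2 public key block")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:  # header line, or continuation of one ending in "\"
            in_header = l.endswith("\\")
            continue
        body.append(l)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)  # rejects a damaged body
    return "%s %s" % (blob_key_type(blob), b64)  # the Comment header is dropped here

if __name__ == "__main__":
    print(openssh_to_sshcom(SAMPLE))
    print(sshcom_to_openssh(openssh_to_sshcom(SAMPLE)))
```

Because the blob survives the round trip unchanged, comparing the base64 field of the original and the converted file is a quick check that the right key ended up on the other machine.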

Connect to a ssh.com machine from OpenSSH using keys
Assume that we have just converted an OpenSSH key and wish to use it on a ssh.com machine. First we need to transfer the key, id_dsa_sshcom.pub, to the ssh.com machine.

tjansson@dirac:~/.ssh$ scp id_dsa_sshcom.pub solarismachine.foobar:.ssh2/

Afterwards we need to tell the ssh.com client to use this key by adding a line to the file ~/.ssh2/authorization. This file is located on the machine running ssh.com and may not exist yet. The line should read:

Key id_dsa_sshcom.pub

Every time a new key is uploaded, a line like this must be inserted into ~/.ssh2/authorization.

Connect to an OpenSSH machine from ssh.com using keys
Since we have already converted the ssh.com key on the machine running OpenSSH, the key already exists there as id_dsa_openssh.pub, so all we need to do is tell the OpenSSH client that we wish to use this key. This is done by appending the key to the file authorized_keys.

tjansson@dirac:~/.ssh$ cat id_dsa_openssh.pub >> authorized_keys

Finally we need to tell the ssh.com client to use the key as well. This is done by adding a line to the file ~/.ssh2/identification on the machine running ssh.com.

IdKey id_dsa_2048_a