6.6. Authenticating by Public Key (OpenSSH Client, SSH2 Server, SSH2 Key)
Problem
You want to authenticate between an OpenSSH client and an SSH2 server (i.e., SSH Secure Shell from SSH Communication Security) using an existing SSH2-format key.
Solution
Suppose your SSH2 private key is id_dsa_1024_a.
Make a copy of the SSH2 private key:
$ cd ~/.ssh2 $ cp -p id_dsa_1024_a newkey
Set its passphrase to the empty string, creating an unencrypted key:
$ ssh-keygen2 -e newkey ... Do you want to edit passphrase (yes or no)? yes New passphrase : Again :
Import the SSH2 private key to convert it into an OpenSSH private key, imported-ssh2-key:
$ mkdir -p ~/.ssh If it doesn't already exist $ chmod 700 ~/.ssh $ cd ~/.ssh $ mv ~/.ssh2/newkey . $ ssh-keygen -i -f newkey > imported-ssh2-key $ rm newkey $ chmod 600 imported-ssh2-keyChange the passphrase of the imported key:
$ ssh-keygen -p imported-ssh2-key
Use your new key:
$ ssh -l remoteuser -i ~/.ssh/imported-ssh2-key remotehost
To generate the OpenSSH public key from the OpenSSH private key imported-ssh2-key, run:
$ ssh-keygen -y -f imported-ssh2-key > imported-ssh2-key.pub Enter passphrase: ********
Discussion
OpenSSH’s ssh-keygen can convert an SSH2-style private key into an OpenSSH-style private key, using the -i (import) option; however, it works only for unencrypted SSH2 keys. So we decrypt the key (changing its passphrase to null), import it, and re-encrypt it.
This technique involves some risk, since your SSH2 private key will be unencrypted on disk ...
Get Linux Security Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
