Quick Overview
You should be familiar with the basics of public key authentication for ssh. Implementing it is actually pretty easy, and remarkably useful. However, connecting between OpenSSH servers (Linux) and commercial SSH2 (not the SSH2 protocol, but the ssh2 program) servers (like the one on many older Solaris machines) can be quirky. So we’ll cover it here.
OpenSSH -> OpenSSH
Notation Note
In general, we will be connecting from local to remote. Replace those names with your machine (e.g., in this example, the local machine is breeze, and the remote machine is mikeage.net). Also note that this process will have to be done in two directions, so you can go from LOCAL->HOST and then back from HOST->LOCAL.
Setting it up
What we’re doing | How | Where |
1. Generate SSH Keys | ssh-keygen -t dsa -f .ssh/id_dsa | breeze |
2. Copy Public Key to the Remote Machine | scp .ssh/id_dsa.pub mikeage.net: | breeze |
3. Add Public Key to the list of keys | cat id_dsa.pub >> .ssh/authorized_keys2 | mikeage.net |
4. Set up permissions | chmod 640 .ssh/authorized_keys2 | mikeage.net |
You can now ssh from breeze to mikeage.net without a password. Make sure never to let anyone get your private key file (keep permissions at 600). Public keys can (and should) be publicly available.
OpenSSH -> SSH2
From OpenSSH (breeze), to SSH2 (solaris.mikeage.net)
The assumption is that the above has already been done. Following the usual public key model, the public key from breeze will be placed on solaris.mikeage.net. However, since SSH2 cannot read an OpenSSH key, we have to make a few small changes first.
What we’re doing | How | Where |
1. Convert SSH Public Key | ssh-keygen -e, then tell it where the public key is | breeze |
2. Create the public key file on the SSH2 machine | vi .ssh2/id_dsa.breeze, then paste it in. | mikeage.net |
3. Add Public Key to the list of keys | echo "key id_dsa.breeze" >> .ssh2/authorization | mikeage.net |
Done.
SSH2 -> OpenSSH
From SSH2 (mikeage.net), to OpenSSH (breeze)
Now, we’ll need to generate a new set of keys on the SSH2 machine, and send its public key to the openssh machine. Again, we’ll need to do some converting of the public key, this time to OpenSSH form.
Note that I recently updated this section to make it a little clearer.
What we’re doing | How | Where |
1. Create SSH Keys | ssh-keygen -t dsa | mikeage.net |
2. Tell SSH2 who it is (don’t ask) | echo "idkey id_dsa_1024_a" >> .ssh2/identification | mikeage.net |
3. Set permissions | chmod 600 .ssh2/idkey id_dsa_1024_a.pub .ssh2/identification | mikeage.net |
4. Copy the public key to the OpenSSH machine | scp .ssh2/id_dsa_1024_a.pub breeze: | mikeage.net |
5. Convert the public key, and add it | ssh-keygen -i -f id_dsa_1024_a.pub >> .ssh/authorized_keys2 | breeze |
Enjoy.
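The two conversion steps above (ssh-keygen -e and ssh-keygen -i) only re-wrap the same base64 key blob: OpenSSH stores it on one line as "type base64 comment", while SSH2 uses the RFC 4716 block format. The following is an added example, not code from the original post or from either SSH implementation; the function names and the sample key blob are constructed for illustration.

```python
import base64
import struct
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob):
    """Read the algorithm name that prefixes every SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    name = blob[4:4 + n]
    if n == 0 or len(name) != n:
        raise ValueError("truncated key blob")
    return name.decode("ascii")

def openssh_to_ssh2(line):
    """'type base64 [comment]' -> RFC 4716 block (the job of ssh-keygen -e)."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if blob_key_type(blob) != parts[0]:
        raise ValueError("declared key type does not match key blob")
    out = [BEGIN]
    if len(parts) == 3:  # comment is truncated so the header stays under 72 bytes
        out.append('Comment: "%s"' % parts[2].strip()[:60])
    out += [parts[1][i:i + 70] for i in range(0, len(parts[1]), 70)]
    return "\n".join(out + [END]) + "\n"

def ssh2_to_openssh(text):
    """RFC 4716 block -> one OpenSSH line (the job of ssh-keygen -i)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 markers")
    body, comment, i = lines[1:-1], "", 0
    while i < len(body) and ":" in body[i]:  # header lines; base64 has no ':'
        header = body[i]
        while header.endswith("\\") and i + 1 < len(body):  # continuation
            i += 1
            header = header[:-1] + body[i]
        tag, _, value = header.partition(":")
        if tag.lower() == "comment":
            comment = value.strip().strip('"')
        i += 1
    b64 = "".join(body[i:])
    kind = blob_key_type(base64.b64decode(b64, validate=True))
    return " ".join(filter(None, [kind, b64, comment]))

# Constructed sample: correct wire layout for "ssh-dss", but not a real key.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(f)) + f for f in [b"ssh-dss"] + [bytes([i]) * 40 for i in range(1, 5)])
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " user@breeze"
```

Because the key type is read back out of the blob itself, a line whose declared type does not match its contents is rejected rather than converted.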
One response to “SSH Keys, the Easy Way”
Thanks Mike, Got it working very quickly :-), am now ssh’ing around the world with no security..! Ah, I mean with security and no password 🙂