You want to authenticate between an OpenSSH client and an SSH2 server (i.e., SSH Secure Shell from SSH Communications Security) using an existing SSH2-format key.
Suppose your SSH2 private key is id_dsa_1024_a.
1. Make a copy of the SSH2 private key:

$ cd ~/.ssh2
$ cp -p id_dsa_1024_a newkey

2. Set its passphrase to the empty string, creating an unencrypted key:

$ ssh-keygen2 -e newkey
...
Do you want to edit passphrase (yes or no)? yes
New passphrase :
Again :

3. Import the SSH2 private key to convert it into an OpenSSH private key, imported-ssh2-key:

$ mkdir -p ~/.ssh        # If it doesn't already exist
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ mv ~/.ssh2/newkey .
$ ssh-keygen -i -f newkey > imported-ssh2-key
$ rm newkey
$ chmod 600 imported-ssh2-key

4. Change the passphrase of the imported key:

$ ssh-keygen -p -f imported-ssh2-key

5. Use your new key:

$ ssh -l remoteuser -i ~/.ssh/imported-ssh2-key remotehost
To generate the OpenSSH public key from the OpenSSH private key imported-ssh2-key, run:
$ ssh-keygen -y -f imported-ssh2-key > imported-ssh2-key.pub
Enter passphrase: ********
OpenSSH's ssh-keygen can convert an SSH2-style private key into an OpenSSH-style private key, using the -i (import) option; however, it works only for unencrypted SSH2 keys. So we decrypt the key (changing its passphrase to null), import it, and re-encrypt it.
This technique involves some risk, since your SSH2 private key will be unencrypted on disk for a few moments. If this concerns you, perform steps 2-3 on a secure machine with no network connection (say, a laptop). Then burn the laptop.
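The import accepts only an unencrypted SSH2 key, and that unencrypted copy should not outlive the conversion, so it helps to confirm each file's state before and after. The following Python example is added here and is not part of the original recipe; its function names are hypothetical, and it assumes the ssh.com private key layout (magic 0x3f6ff9eb, total length, key type string, cipher name string) plus the OpenSSH PEM and openssh-key-v1 layouts.

```python
import base64
import struct

SSHCOM_MAGIC = 0x3F6FF9EB  # first uint32 of an ssh.com (SSH2) private key blob

def _strings(buf, off, n):
    """Read n uint32-length-prefixed strings starting at offset off."""
    out = []
    for _ in range(n):
        (ln,) = struct.unpack_from(">I", buf, off)
        out.append(buf[off + 4:off + 4 + ln])
        off += 4 + ln
    return out

def _body(lines):
    """Decode the base64 body, skipping 'Tag: value' headers and continuations."""
    b64, cont = [], False
    for line in lines[1:-1]:
        if cont or ":" in line:          # base64 never contains ':'
            cont = line.endswith("\\")   # header continued on the next line
            continue
        b64.append(line)
    return base64.b64decode("".join(b64))

def classify_private_key(text):
    """Return (format, encrypted) for the text of a private key file."""
    lines = [l.strip() for l in text.strip().splitlines()]
    begin = lines[0]
    if begin == "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----":
        # This line says ENCRYPTED even without a passphrase; the cipher name decides.
        blob = _body(lines)
        if struct.unpack_from(">I", blob)[0] != SSHCOM_MAGIC:
            raise ValueError("not an ssh.com private key blob")
        _keytype, cipher = _strings(blob, 8, 2)  # skip magic + total length
        return "ssh2", cipher != b"none"
    if begin == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = _body(lines)  # "openssh-key-v1\0" (15 bytes), then the cipher name
        return "openssh-new", _strings(blob, 15, 1)[0] != b"none"
    if begin.startswith("-----BEGIN ") and begin.endswith(" PRIVATE KEY-----"):
        return "pem", "ENCRYPTED" in begin or "Proc-Type: 4,ENCRYPTED" in lines
    raise ValueError("unrecognized private key format")

def constructed_ssh2_file(cipher):
    """Constructed sample in the ssh.com layout (dummy payload, not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    rest = s(b"dl-modp{sign{dsa-nist-sha1},dh{plain}}") + s(cipher) + s(b"\0" * 16)
    blob = struct.pack(">II", SSHCOM_MAGIC, 8 + len(rest)) + rest
    return ('---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\nComment: "constructed"\n'
            + base64.b64encode(blob).decode() + "\n---- END SSH2 ENCRYPTED PRIVATE KEY ----\n")
```

Pass the contents of newkey to classify_private_key before running ssh-keygen -i (the second element should be False), and the contents of imported-ssh2-key after re-encrypting it (the second element should be True).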
To make the newly imported key your default OpenSSH key, name it ~/.ssh/id_dsa instead of imported-ssh2-key.
As an alternative solution, you could ignore your existing SSH2 private key, generate a brand new OpenSSH key pair, and convert its public key for SSH2 use. [Recipe 6.5] But if your SSH2 public key is already installed on many remote sites, it might make sense to import and reuse the SSH2 private key.
ssh-keygen(1), ssh-keygen2(1).