Recipe 6.7 Authenticating by Public Key (SSH2 Client, OpenSSH Server)

6.7.1 Problem

You want to authenticate between an SSH2 client (SSH Secure Shell from SSH Communication Security) and an OpenSSH server by public key.

6.7.2 Solution

  1. Create an SSH2 private key on the client machine, if one doesn't already exist, and install it by appending a line to ~/.ssh2/identification:

    $ mkdir -p ~/.ssh2                                       If it doesn't already exist
    $ chmod 700 ~/.ssh2
    $ cd ~/.ssh2
    $ ssh-keygen2                                            Creates id_dsa_1024_a
    $ echo "IdKey id_dsa_1024_a" >> identification     (Appending)
  2. Copy its public key to the OpenSSH server machine:

    $ scp2 remoteuser@remotehost:.ssh/
  3. Log into the OpenSSH server host and use OpenSSH's ssh-keygen to import the public key, creating an OpenSSH format key: [Recipe 6.6]

    $ ssh2 -l remoteuser remotehost
    Password: ********
    remotehost$ cd ~/.ssh
    remotehost$ ssh-keygen -i >
    Enter file in which the key is (/home/smith/.ssh/id_rsa):
  4. Install the new public key by appending a line to ~/.ssh/authorized_keys:

    remotehost$ cat >> authorized_keys   (Appending)
  5. Log out and log back in using the new key:

    remotehost$ exit
    $ ssh2 -l remoteuser remotehost

6.7.3 Description

Recall that SSH2 uses the identification file as explained in the sidebar, SSH-2 Key File Formats.

6.7.4 See Also

ssh-keygen(1), ssh-keygen2(1).

    Chapter 9. Testing and Monitoring