6.7. Authenticating by Public Key (SSH2 Client, OpenSSH Server)

Problem

You want to authenticate between an SSH2 client (SSH Secure Shell from SSH Communication Security) and an OpenSSH server by public key.

Solution

  1. Create an SSH2 private key on the client machine, if one doesn’t already exist, and install it by appending a line to ~/.ssh2/identification:

    $ mkdir -p ~/.ssh2                                       If it doesn't already exist
$ chmod 700 ~/.ssh2
$ cd ~/.ssh2
$ ssh-keygen2                                            Creates id_dsa_1024_a
$ echo "IdKey id_dsa_1024_a" >> identification     (Appending)

  2. Copy its public key to the OpenSSH server machine:

    $ scp2 id_dsa_1024_a.pub remoteuser@remotehost:.ssh/

  3. Log into the OpenSSH server host and use OpenSSH’s ssh-keygen to import the public key, creating an OpenSSH format key: [Recipe 6.6]

    $ ssh2 -l remoteuser remotehost
Password: ********

remotehost$ cd ~/.ssh
remotehost$ ssh-keygen -i > imported-ssh2-key.pub
Enter file in which the key is (/home/smith/.ssh/id_rsa): id_dsa_1024_a.pub

  4. Install the new public key by appending a line to ~/.ssh/authorized_keys:

    remotehost$ cat imported-ssh2-key.pub >> authorized_keys   (Appending)

  5. Log out and log back in using the new key:

    remotehost$ exit
$ ssh2 -l remoteuser remotehost

Description

Recall that SSH2 uses the identification file as explained in the sidebar, SSH-2 Key File Formats.

See Also

ssh-keygen(1), ssh-keygen2(1).

Get Linux Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial