SSH Key Authentication Problem
David
I have a Linux Server running Mandrake 9.0 on the end of a broadband
connection behind a firewall. I have opened up the SSH port so I can access
the machine when I am elsewhere. Currently I am using passwords to
authenticate with the server, but I would like to turn this off and just use
key authentication.
The version of SSH running on the linux box is:
$ ssh -V
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
I have generated my private and public keys by using
$ ssh-keygen -t rsa
The filenames for the keys were identity and identity.pub.
I then copied my public key (identity.pub) to authorized_keys2.
The contents of my .ssh folder is now:
-rw-r--r-- 1 david david 229 May 19 14:29 authorized_keys2
-rw------- 1 david david 951 May 19 14:42 identity
-rw-r--r-- 1 david david 229 May 19 14:29 identity.pub
-rw-r--r-- 1 david david 1863 May 16 00:05 known_hosts
From any Linux machine which has my private key in the .ssh folder I can
sucesfully log into my Linux server using the SSH keys and my passphrase.
So far so good.
My problem occurs when I try and log into my linux server using a Windows
SSH client. My main Windows SSH client is the one from ssh.com:
C:\>ssh2 -V
SSH Secure Shell 3.2.3 Windows Client
Product: SSH Secure Shell for Workstations
This is the output from the command-line verision of SSH although I normally
use the GUI.
I have copied my private and public key from my linux server and placed it
in the userkeys folder of the windows ssh client, but when I connect my
client gives the error:
Failed to read your public key file "C:\Document and
Settings\David\Application Data\SSH\UserKeys\identity.pub".
and then resorts back to password authentication.
Upon further investigation I noticed that when I generate keys with the
Windows SSH client, the format of both the private and public key files are
different to the ones generated by ssh-keygen under Linux.
I tried placing the keys generated by the Windows client on the Linux server
but then the key authentication fails completely both when logging in from
another Linux client and from Windows.
I then put the Linux generated keys back onto the Linux server so everything
was back as it was. I coped the keys off the Linux server and placed them in
the UserKeys folder of my Windows SSH client as before, but this time I
modified the format of the key files so they were the same as the format of
the Windows generated keys. When I connect to the server from Windows it can
now read the keys and asks for my passphrase. Unfortunately it wont accept
my passphrase even though I know it is correct! Again it then resorts back
to password authentication.
ARGH!
Has anyone managed to get SSH Key authentication to work succesfully with a
Linux OpenSSH server and and Windows SSH client?
BTW - I have had no success using the the Windows Putty SSH client either.
Any help would be greatly appreciated.
Thanks in adavnce,
- David
IVANYI Ivan
ssh-keygen -X -f ~/.ssh2/my_pub_key.pub > ~/.ssh/authorized_keys2
--
************************************************************
******* Please note the change in telephone numbers ********
************************************************************
Ivan Ivanyi
Swiss Institute of Bioinformatics
1, rue Michel Servet
CH-1211 Genève 4
Switzerland
Tel: (+41 22) 379 58 33
Fax: (+41 22) 379 58 58
E-mail: Ivan....@isb-sib.ch
David
I started over from scratch by deleting my keys off my linux server and off
the windows client.
I then generated a new key pair in the windows client, uploaded it to the
linux server, and ran the command you told me to use.
I can now successfully loginto my linux server from the windows client using
my newly generated keys.
The contents of my .ssh and .ssh2 folders are now:
[david@altair david]$ ll .ssh
total 8
-rw-rw-r-- 1 david david 213 May 21 13:06 authorized_keys2
-rw-r--r-- 1 david david 1863 May 16 00:05 known_hosts
[david@altair david]$ ll .ssh2
total 8
-rw-r--r-- 1 david david 345 May 21 12:58 altair.pub
-rw-r--r-- 1 david david 15 May 21 12:58 authorization
[david@altair david]$
I now can't loginto my linux server from another linux client using my
windows generated private key presumably because it is in the wrong format.
How do I convert my windows generated private key so linux can read it? I
tried using the command to convert the public key but I got this error:
$ ssh-keygen -X -f ~/.ssh/winprivkey > ~/.ssh/privkey
unsupported cipher 3des-cbc
decode blob failed.
- David
----- Original Message -----
From: "IVANYI Ivan" <ivan....@isb-sib.ch>
To: "David Bull" <dpb...@essex.ac.uk>
Sent: Wednesday, May 21, 2003 12:51 PM
Subject: Re: SSH Key Authentication Problem
> the .ssh2 folder is the default for commercial ssh (ssh.com) keys and
> configuration files. .ssh for OpenSSH of course...
>
> normally if you've connected from windows with the Commercial ssh client
you
> have an option in the menus to upload the key (doesn't matter but it would
have
> put it in .ssh2)
>
>
> have you tried running the command? on my redhat 8... OpenSSH_3.4p1, SSH
> protocols 1.5/2.0
>
> neither the man nor the help show the -X option of ssh-keygen but it does
exist....
>
> the -X option basically converts the key the was generated for SSH
Commercial to
> work with OpenSSH... not sure about the specifics... can't remember as a
long
> time ago I setup a web page for myself to remind me about the different
ways of
> doing key authentication between different versions of SSH...
>
> David Bull wrote:
> > My keys are all stored in ~/.ssh and I have no ~/.ssh2 folder.
> > Also, the -X option for ssh-keygen doesn't seem to exist, at least with
my
> > copy of ssh-keygen.
> > What is that command supposed to do?