My development server has OpenSSH installed, while the web hosting server has SSH installed. I didn't get very far by following the many resources I found on the internet, nor did reading the man pages for the tools help. No matter what I tried, the OpenSSH client on my end would not automatically authenticate with the SSH server on the other end. I found that on the internet, discussions focused mainly on both the client and server running either SSH or OpenSSH. Very little was said about what tricks were needed in order to configure things to get OpenSSH to talk with SSH.
It turned out mainly to be due to an "undocumented" (well, at least, my man page on my development server says nothing about it) switch within the SSH keygen application. The tutorial that follows should hopefully help others in a similar situation.
Configuring Automatic Authentication using SSH and OpenSSH
- On the local machine (running OpenSSH), generate the public/private DSA key pair (a DSA key is all that this version of SSH would understand; however, if both ends of your setup understand RSA or another key generation standard, I imagine that you can use those as well):
ssh-keygen -t dsa
By default (if you simply hit return at the prompts), this will generate two files, id_dsa and id_dsa.pub, which are the private and public keys generated, respectively. The program will ask you for a passphrase - you can simply hit return, or for better security, input one.
These files will be created in the ~/.ssh directory. You will want to change the permissions on this directory as well for better security:
chmod 700 ~/.ssh
You may also want to perform the same operation on the files within this directory as well, again, for increased security:
cd ~/.ssh
chmod 700 *
- Change to the ~/.ssh directory on the local machine, and convert the
generated DSA public key (id_dsa.pub) to one that is compatible with SSH:
ssh-keygen -x -f id_dsa > ssh2.dsa.pub
This will take the original private key (id_dsa), and create an SSH compatible public key (ssh2.dsa.pub) in the directory.
- SSH into the remote machine, and create the .ssh2 directory in your home
directory (~/) to hold the public key, and set the permissions:
mkdir .ssh2
chmod 700 .ssh2
- From the local machine, transfer the ssh2.dsa.pub file (the public key) to
the remote machine, via either sftp or scp, into the ~/.ssh2 directory:
scp ssh2.dsa.pub user@remoteserver.com:/home/user/.ssh2/id_dsa.pub
Replace "user@remoteserver.com" with the name of your account and domain of the remote server. You will be asked to input your password to complete the transfer.
- SSH into the remote machine, and cd to ~/.ssh2. You should find the id_dsa.pub file you transferred.
- Create the file to tell SSH where to find the public key as follows:
echo "Key id_dsa.pub" > ~/.ssh2/authorization
- Change the permissions on the files as follows for added security:
chmod 700 *
- Everything should now be set up properly. On the local machine, you should now be able to use ssh as follows (where "user@remoteserver.com" is the name of your account and domain of the remote server):
ssh -v user@remoteserver.com
You will be automatically logged into the remote server (remoteserver.com) via ssh. In a similar fashion, you can do the following:
and you will be automatically logged in using sftp.
So...What is the secret?
Step 2 is where the magic occurs:
ssh-keygen -x -f id_dsa > ssh2.dsa.pub
This does generate a compatible key - the secret is the -x parameter. It isn't mentioned in the OpenSSH documentation:
But it is mentioned in the SSH documentation:
Wherein it states:
-x file Converts a private key from the X.509 format to the SSH2 format.
This is what the problem was - I couldn't generate a public/private DSA key pair that both SSH and OpenSSH would mutually understand. Passing this special flag to the keygen utility allows it to convert the private key of one format into the public key in the alternate format. What is interesting is that this flag appears to work under OpenSSH - though it isn't documented in the OpenSSH documentation! Weird, and a bit frustrating.
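What the conversion in step 2 amounts to, as an added example that is not part of the original article: assuming the converted file is in the SSH2 public key file format described in RFC 4716, it carries the same key blob as the OpenSSH one-line key, only re-wrapped, so the fingerprint of the file installed in ~/.ssh2 can be checked against the local key. The function names are hypothetical and the sample key is constructed dummy data.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def openssh_to_secsh(line, width=70):
    """Re-wrap an OpenSSH one-line public key as an RFC 4716 (SSH2) key file."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected: <key type> <base64> [comment]")
    keytype, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed key type that must match the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    header = ['Comment: "%s"' % fields[2].strip()] if len(fields) > 2 else []
    body = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join([BEGIN] + header + body + [END]) + "\n"

def secsh_to_blob(text):
    """Return the raw key blob from an RFC 4716 file, skipping its headers."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 public key markers")
    b64, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:
            in_header = l.endswith("\\")  # a trailing backslash continues the header
            continue
        b64.append(l)
    return base64.b64decode("".join(b64), validate=True)

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a key blob (comment and wrapping excluded)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: ssh-dss layout (type, p, q, g, y) with dummy bytes, not a usable key.
SAMPLE_BLOB = b"".join(struct.pack(">I", len(x)) + x for x in (
    b"ssh-dss", b"\x00" + b"\xa5" * 64, b"\x00" + b"\xc3" * 20, b"\x5a" * 64, b"\x3c" * 64))
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " user@devbox"

if __name__ == "__main__":
    converted = openssh_to_secsh(SAMPLE_LINE)
    print(converted, end="")
    print(fingerprint(secsh_to_blob(converted)) == fingerprint(SAMPLE_BLOB))
```

Matching fingerprints on both sides confirm that the key listed in ~/.ssh2/authorization is the one generated locally and was not altered or swapped in transit.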
I wish to thank "glorpo2" for the information about this special flag, as found in his or her post at this URL (scroll to the bottom):
Without learning about that, I might still be writing code, instead of composing articles. THANK YOU!!!