I'm not sure if this is useful to anyone else, but around here people are insisting we use key-ed authentication with windows clients and Unix servers over SSH protocol version 2. I couldn't find a free windows client that would meet those requirements. The closest was PuTTY, but it would only use password authentication with SSH2. In the end, this means we will probably have to go with OpenSSH on the servers, and ssh.com's client on the windows workstations. The problem that appears then is the differing public key file formats between the commercial SSH and OpenSSH. I've quickly put together a short script that should convert a public key (generated by the commercial windows client and pushed to a Unix server) to be used with OpenSSH's sshd. It appears to work fine with the limited testing I've done. If anyone decides to make improvements, I would appreciate receiving them. Brian King <<ssh-convkeys2.sh>> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010419/19c3b397/attachment.html -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh-convkeys2.sh Type: application/octet-stream Size: 458 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010419/19c3b397/attachment.obj
On Thu, Apr 19, 2001 at 12:44:04PM -0300, King, Brian wrote:> I'm not sure if this is useful to anyone else, but around here people are > insisting we use key-ed authentication with windows clients and Unix servers > over SSH protocol version 2. > > I couldn't find a free windows client that would meet those requirements. > The closest was PuTTY, but it would only use password authentication with > SSH2. In the end, this means we will probably have to go with OpenSSH on the > servers, and ssh.com's client on the windows workstations. The problem that > appears then is the differing public key file formats between the commercial > SSH and OpenSSH.you can try 1) a recent PuTTY with SSH 2 and RSA authentication. 2) ssh-keygen -f ssh.com-key -X >> .ssh/authorized_keys2 -m
Pretty nifty! -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com On Thu, 19 Apr 2001, King, Brian wrote:> I'm not sure if this is useful to anyone else, but around here people > are insisting we use key-ed authentication with windows clients and Unix > servers over SSH protocol version 2. > > I couldn't find a free windows client that would meet those > requirements. The closest was PuTTY, but it would only use password > authentication with SSH2. In the end, this means we will probably have > to go with OpenSSH on the servers, and ssh.com's client on the windows > workstations. The problem that appears then is the differing public key > file formats between the commercial SSH and OpenSSH. > > I've quickly put together a short script that should convert a public > key (generated by the commercial windows client and pushed to a Unix > server) to be used with OpenSSH's sshd. It appears to work fine with > the limited testing I've done. If anyone decides to make improvements, I > would appreciate receiving them. > > Brian King > > <<ssh-convkeys2.sh>> > >
On Thu, Apr 19, 2001 at 12:44:04PM -0300, King, Brian wrote:> I'm not sure if this is useful to anyone else, but around here people are > insisting we use key-ed authentication with windows clients and Unix servers > over SSH protocol version 2. > > I couldn't find a free windows client that would meet those requirements. > The closest was PuTTY, but it would only use password authentication with > SSH2. In the end, this means we will probably have to go with OpenSSH on the > servers, and ssh.com's client on the windows workstations. The problem that > appears then is the differing public key file formats between the commercial > SSH and OpenSSH.OpenSSH is available as Windows client and server using the Cygwin POSIX emulation layer. Look into http://cygwin.com. The net distro of Cygwin contains OpenSSH-2.5.2p2. Hope, that helps, Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
Doesn't ssh-keygen -X do the same thing? it works for private keys too. This ssh-keygen -X seems like a hidden feature noone knows about. This is actually quite funny. I had a similair problem scouring the net and the list for answers on how to convert ssh.com private keys to openssh (the public key conversion is easy as you found out, the private key conversion was not so straightforward). I was looking and asked the list, and noone knew the answer. A few weeks later i actually went around poking the openssh code grepping for code to read / write keys, and i stumbled on some code in keygen that actually did what i needed. Lo and behold, when i manned ssh-keygen, the "-X" option was right there glaring at me. -rchit -----Original Message----- From: Austin Gonyou [mailto:austin at coremetrics.com] Sent: Thursday, April 19, 2001 2:09 PM To: King, Brian Cc: 'openssh-unix-dev at mindrot.org' Subject: Re: Converting keys from commercial ssh Pretty nifty! -- Austin Gonyou Systems Architect Coremetrics, Inc. Phone: 512-796-9023 email: austin at coremetrics.com On Thu, 19 Apr 2001, King, Brian wrote:> I'm not sure if this is useful to anyone else, but around here people > are insisting we use key-ed authentication with windows clients and Unix > servers over SSH protocol version 2. > > I couldn't find a free windows client that would meet those > requirements. The closest was PuTTY, but it would only use password > authentication with SSH2. In the end, this means we will probably have > to go with OpenSSH on the servers, and ssh.com's client on the windows > workstations. The problem that appears then is the differing public key > file formats between the commercial SSH and OpenSSH. > > I've quickly put together a short script that should convert a public > key (generated by the commercial windows client and pushed to a Unix > server) to be used with OpenSSH's sshd. It appears to work fine with > the limited testing I've done. If anyone decides to make improvements, I > would appreciate receiving them. > > Brian King > > <<ssh-convkeys2.sh>> > >
Just as a notice: PuTTY (at least the newest developer-versions) allows public key authentification with SSH2 - but only RSA keys. Works fine with me... J?rg -----Original Message----- From: King, Brian [mailto:brian.king at xwave.com] ... I couldn't find a free windows client that would meet those requirements. The closest was PuTTY, but it would only use password authentication with SSH2. ...