Hello,
I would like to use Public Key authentication with OpenSSH. I am trying to
use a
public / private key set created using CA.pl.
http://www.openssl.org/docs/apps/CA.pl.html
I am not sure but I think my OpenSSL keys will not work until some conversion
takes place.
I was able to get them working between Windows (Putty.EXE) and my SSHD server
but
PuttyGen.EXE converted the public keys for me.
QUESTION: How do I convert the keys myself [using OpenSSL or...] so one unix
box
can talk/SSH to the other using public key authentication???
(* Thanks in advance!! and also please reply directly to me since I am not a
member
of this listserver. *)
I found this message (listed below) on the OpenSSL archives.
The message explains the differences between the two formats that I am seeing
but does
not help me with converting from one format to the other.
In message <41077310.9080102 at zrz.TU-Berlin.DE> on Wed, 28 Jul 2004
11:34:08 +0200,
Gerd Schering <Schering at zrz.TU-Berlin.DE> said:
Schering> Then I extracted the public key,
Schering> 1. with openssl:
Schering>
Schering> -----BEGIN PUBLIC KEY-----
Schering> MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/mID2ohE8oahTW2/v0uXOKe/9
Schering> 8Lxywo8p0D56prYHlMIUoTMkouoY+DfbF65a1gNQaLCp2izqSPQZvHk9RqESpGkT
Schering> df8voe9uONz902xZ9f5fJVgi2ASQvKpEzlZOWVuPPXWqTe1eqQLQ39wAaX/TqA6h
Schering> raEdYAWxZUUn3iTv1wIBIw=Schering> -----END PUBLIC KEY-----
Schering>
Schering> 2. with ssh-keygen:
Schering>
Schering> ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAv5iA9qIRPKGoU1tv79Llzinv/fC8csKPKdA+e \
Schering>
qa2B5TCFKEzJKLqGPg32xeuWtYDUGiwqdos6kj0Gbx5PUahEqRpE3X/L6Hvbjjc/dNsWfX+Xy \
Schering>
VYItgEkLyqRM5WTllbjz11qk3tXqkC0N/cAGl/06gOoa2hHWAFsWVFJ94k79cSchering> (there
are no newlines)
Schering>
Schering>
Schering> They look different and the ssh key is not in PEM format.
Schering> But besides that by which means is this difference produced?
Schering> Or s it only the lack of header-, footer-, newlines and the
Schering> "ssh-rsa" which produces a different base64 encoding?
The difference is in structure. In the PEM form, there are some codes
around the RSA numbers that indicate what they are (ASN.1 structure,
DER encoding, if that says anything). In the SSH form, the BASE64
stuff includes a repeat of "ssh-rsa", followed by the RSA numbers e
and n, with no extra structure information.
Schering> B.t.w In PEM format, are the newlines part of the
Schering> base64-encoded data, or get the data encoded first?
The data is encoded first, the newlines are added on and are basically
part of the PEM format. BASE64 can be all in one line if you want.
--
Ben Hacker, Jr.
Sr. Security Analyst
strbenjr at yahoo.com
ben_hacker at inter-op.net
703.751.3757 (w)
-- -- --
http://www.coeba.org
http://www.inter-op.net
http://www.hackerweb.net/bthacker