ANNOUNCE: portable openssh-2.1.0

Markus Friedl markus.friedl at
Wed May 10 19:56:51 EST 2000

On Wed, May 10, 2000 at 03:38:39AM -0500, James H. Cloos Jr. wrote:
> From README.openssh2, I tried:
>         cd ~/.ssh
>         ssh-keygen -f authorized_keys -X >>authorized_keys2

this line is not in the readme.

please read the manpage:

     ssh-keygen - authentication key generation

     ssh-keygen -x [-f keyfile]
     ssh-keygen -X [-f keyfile]

     -x	     This option will read a private OpenSSH DSA format file and print
	     a SSH2-compatible public key to stdout.

     -X	     This option will read a SSH2-compatible public key file and print
	     an OpenSSH DSA compatible public key to stdout.

> where ~/.ssh/authorized_keys only contained one key.  I got in return:
>         buffer_get: trying to get more bytes than in buffer
> and an empty authorized_keys2 (to be expected since bash had already
> created the file before exec(2)ing ssh-keygen).

you are trying to convert a RSA key into DSA key :)

-x/-X is for trading keys with the true and original ssh-2.1.0 or ssh-2.0.13 from

> So I used ssh-keygen -d to create new id_dsa{,.pub} files, transfered
> the .pubs over and added them to each authorized_keys2 file.
> But it is still defaulting to protocol 1 even though I have 2,1 in the
> sshd_config files.

who defaults to what?

for the server 1,2 or 2,1 does not matter since it's the client
who decides what protocol to speak to the server.

> Finally, ssh -2 -v is unusable for interactive use; it prints debug
> messages for all data transfered; this does not occur when using
> protocol 1.*.

-v is for debugging.
if ssh has been tested by more people, some messages will be removed.

More information about the openssh-unix-dev mailing list