F-Secure SSH / OpenSSH pubkey compatibilty?

Tue Jun 29 08:09:07 EST 2004

Drifting off topic since this is really an F-Secure-SSH question...

I can log into OpenSSH from F-Secure-SSH using pubkeys.  But I cannot
log into F-Secure-SSH from OpenSSH using pubkeys.  I have scoured the
F-secure docs but can't see what is going wrong.  I also can't see the
server side errors and so this is tough to debug.  I have an
'authorization' file set with 'Key id_rsa_fsecure.pub' which is the
exported OpenSSH key.  Seems like it should work.  I can load up a
local agent and then use pubkey to localhost and that works.  So I
think permissions are okay and that pubkey is allowed.

The only diagnostics I see from OpenSSH client are these [1].
Basically tried pubkey, sorry it did not work out, moving on.

Has anyone run into this and can lend me a clue?

Peter Stuge wrote:
> Bob Proulx wrote:
> > Should I be able to extract the key somehow in a compatible format?
> 
> I think ssh-keygen from OpenSSH can convert the public key to it's
> prefered format. Try ssh-keygen -i, and/or see the man page.

That worked.  For archive for F-Secure-SSH to authenticate I also
needed an 'identification' file which pointed to the F-Secure key with
'IdKey id_rsa_1024_a' in it pointing to the F-Secure private key.
Using that I could use pubkeys to log into OpenSSH.

Thanks!
Bob

[1] I protected my employer's data here by munging paths.

OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603 f
debug1: Reading configuration data $HOME/.ssh/config
debug1: Applying options for remotehostname
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Executing proxy command:  exec proxy-connect -S 192.168.1.10 10.0.0.179 22
debug1: identity file $HOME/.ssh/identity type -1
debug1: identity file $HOME/.ssh/id_rsa type -1
debug1: identity file $HOME/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 2.3.1 F-SECURE SSH
debug1: match: 2.3.1 F-SECURE SSH pat 2.3.*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 187/384
debug1: bits set: 522/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.179' is known and matches the DSA host key.
debug1: Found key in $HOME/.ssh/known_hosts:46
debug1: bits set: 516/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key $HOME/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8093d58 hint -1
debug1: authentications that can continue: publickey,password
debug1: try privkey: $HOME/.ssh/identity
debug1: try privkey: $HOME/.ssh/id_rsa
debug1: try privkey: $HOME/.ssh/id_dsa
debug1: next auth method to try is password