F-Secure SSH / OpenSSH pubkey compatibility?
Bob Proulx
bob at proulx.com
Tue Jun 29 08:09:07 EST 2004
Drifting off topic since this is really an F-Secure-SSH question...

I can log into OpenSSH from F-Secure-SSH using pubkeys. But I cannot
log into F-Secure-SSH from OpenSSH using pubkeys. I have scoured the
F-Secure docs but can't see what is going wrong. I also can't see the
server side errors and so this is tough to debug. I have an
'authorization' file set with 'Key id_rsa_fsecure.pub' which is the
exported OpenSSH key. Seems like it should work. I can load up a
local agent and then use pubkey to localhost and that works. So I
think permissions are okay and that pubkey is allowed.

The only diagnostics I see from OpenSSH client are these [1].
Basically tried pubkey, sorry it did not work out, moving on.

Has anyone run into this and can lend me a clue?

Peter Stuge wrote:
> Bob Proulx wrote:
> > Should I be able to extract the key somehow in a compatible format?
>
> I think ssh-keygen from OpenSSH can convert the public key to its
> preferred format. Try ssh-keygen -i, and/or see the man page.

That worked. For the archive: for F-Secure-SSH to authenticate I also
needed an 'identification' file which pointed to the F-Secure key with
'IdKey id_rsa_1024_a' in it pointing to the F-Secure private key.
Using that I could use pubkeys to log into OpenSSH.

Thanks!
Bob

[1] I protected my employer's data here by munging paths.
OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603 f
debug1: Reading configuration data $HOME/.ssh/config
debug1: Applying options for remotehostname
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Executing proxy command: exec proxy-connect -S 192.168.1.10 10.0.0.179 22
debug1: identity file $HOME/.ssh/identity type -1
debug1: identity file $HOME/.ssh/id_rsa type -1
debug1: identity file $HOME/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 2.3.1 F-SECURE SSH
debug1: match: 2.3.1 F-SECURE SSH pat 2.3.*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-md5 none
debug1: kex: client->server 3des-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 187/384
debug1: bits set: 522/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '10.0.0.179' is known and matches the DSA host key.
debug1: Found key in $HOME/.ssh/known_hosts:46
debug1: bits set: 516/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key $HOME/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8093d58 hint -1
debug1: authentications that can continue: publickey,password
debug1: try privkey: $HOME/.ssh/identity
debug1: try privkey: $HOME/.ssh/id_rsa
debug1: try privkey: $HOME/.ssh/id_dsa
debug1: next auth method to try is password
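
As an added illustration, not part of the original post or of either SSH implementation: the conversion that `ssh-keygen -e` and `ssh-keygen -i` perform between OpenSSH's one-line public key and the multi-line SSH2 public key file, assuming the F-Secure side uses that SSH2 (RFC 4716 style) layout. The sample key is constructed and is not a usable key; all function names are this example's own.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def key_type(blob):
    """Algorithm name (e.g. ssh-rsa) stored as the blob's first string."""
    n = int.from_bytes(blob[:4], "big")
    if n == 0 or 4 + n > len(blob):
        raise ValueError("truncated or malformed key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_ssh2(line):
    """One-line OpenSSH public key -> SSH2 key file (cf. ssh-keygen -e)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    b64 = fields[1]
    if key_type(base64.b64decode(b64, validate=True)) != fields[0]:
        raise ValueError("key type does not match key blob")
    out = [BEGIN]
    if len(fields) == 3:
        out.append('Comment: "%s"' % fields[2])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(out + [END]) + "\n"

def ssh2_to_openssh(text):
    """SSH2 public key file -> one-line OpenSSH key (cf. ssh-keygen -i)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 BEGIN/END markers or key body")
    body, comment, it = "", "", iter(lines[1:-1])
    for l in it:
        if ":" not in l:                # base64 never contains ':'
            body += l
            continue
        while l.endswith("\\"):         # backslash continues a header line
            l = l[:-1] + next(it, "")
        tag, _, value = l.partition(":")
        if tag.lower() == "comment":
            comment = value.strip().strip('"')
    kind = key_type(base64.b64decode(body, validate=True))
    return " ".join(filter(None, [kind, body, comment]))

def sample_openssh_key():
    """Constructed sample: ssh-rsa blob with e=65537 and a placeholder n."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes(range(128, 256)))
    return "ssh-rsa %s bob@example" % base64.b64encode(blob).decode()
```

Both directions check that the algorithm name embedded in the key blob is readable, so a file in the wrong format fails loudly instead of being silently skipped at login, which is the failure mode the debug trace above shows from the client side.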