Date: Wed, 7 Nov 2001 09:58:41 +0000 (GMT) From: Jan Grant <Jan.Grant@bristol.ac.uk> To: "Dan Mahoney, System Admin" <danm@prime.gushi.org> Cc: questions <questions@freebsd.org> Subject: Re: Differences in ssh versions PLEASE HELP. Message-ID: <Pine.GSO.4.31.0111070955420.12223-100000@mail.ilrt.bris.ac.uk> In-Reply-To: <Pine.BSF.4.21.0111070108100.33635-100000@prime.gushi.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Nov 2001, Dan Mahoney, System Admin wrote: > Okay, I'm at a large server farm where our tech accounts are on a local > computer in a secure location. We figured that rather than trying to > maintain passwords, we would implement key-based authentication. > > It makes no sense to me. > > One version of ssh uses a file called authorized_keys2, which actually > contains the key modulus. > > This would presumably make sense with keys generated by ssh-keygen -d, > which makes something that looks like this: > > ssh-dss > AAAAB3NzaC1kc3MAAACBAJwc8NkF3ABXmHw7JP30f5pC7/L/ph3L1pQ1fJY3Ysejm463Wr/BIZLJAA1$ > qYx5DfM2uMCuGjcD8M4fOH8xleA3dRNTdFDkLQ+OBIuivVFJlPRDfLcPf2M8nS9yUoIQ== > admin@ns25004.free-dns.com > > fair, simple. > > Now for some reason I have tried on an older machine ssh-keygen2, and it > generates keys that look like THIS: > > ---- BEGIN SSH2 PUBLIC KEY ---- > Subject: danm > Comment: "1024-bit dsa, danm@prime.gushi.org, Wed Nov 07 2001 00:19:30\ > -0500" > AAAAB3NzaC1kc3MAAACBAJ/5BRuOu7a94unGW1ibM1q4vydPueq0FFjkNPl0gZuRwAzbHV > TfUVdj8300a/WXzoRxSCDat2aHUCMczyIC6Y99F+qeixyB3PZ/227BrSW1G9ZMp5tKBAOC > fWwR/aFBQkjr64cbdRYal/OLK1I9IeQrBmrjZUQrnkWDd6mfnrKXAAAAFQDEwVVSuSC9+J > ogy4cKTHKEX5lyhwAAAIAar/HT2IGy4+/EAJ/LcEfD34xRIZIhTkzMqI8dX0YbV4elpQCM > 6mco2zLnQag8HNXExRGulJuR1XeGHiR9WoncxQs0eBlxAqMhy9jWA0NTCCdYWp0CbB7rUl > YzEprN0FlbQywW3cXw+NYgiMdqcW58sTeUYH/xHbfR0pEMQQb0ZQAAAIEAgtQMCXOpoJ/H > GR9CEAIrtj1BnT6BgWBeR03zgTxuqiF1SNJhEmxIzKvo4+jWbjplyja/32pQEFq0++o3sF > 0JMSz34FUQ66+djl0XqFABUDfQjkVQGvgGS20SRwFsJg2jPMTDWeImmwMQG1NSTNlyk5Qd > A1YjYCygHuESzgjjTAc= > ---- END SSH2 PUBLIC KEY ---- > > So how do I get THAT into an authorized_keys2 file? > > It would seem that older versions of the program use a file called > "Authorization" which simply lists filenames of keys, rather than keys > themselves. But on newer machines, this file is not mentioned. > > Am I right in assuming that ssh version 1 only uses rsa, and version 2 > only uses dsa, and by default in newer freebsds, if you just type ssh -l > username hostname, you're using version 2? > > I'm confused. Some consistency would be great here. The latter is a ssh.com file - the former is openssh's file format. ssh-keygen -i -f .ssh2/... >> .ssh/authorized_keys2 (I think). -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk I shave with Occam's Razor. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.31.0111070955420.12223-100000>