From: "Dan Mahoney, System Admin"
To: questions@freebsd.org
Date: Wed, 7 Nov 2001 01:14:25 -0500 (EST)
Subject: Differences in ssh versions PLEASE HELP.

Okay, I'm at a large server farm where our tech accounts are on a local computer in a secure location. We figured that rather than trying to maintain passwords, we would implement key-based authentication.

It makes no sense to me.

One version of ssh uses a file called authorized_keys2, which actually contains the key modulus. This would presumably make sense with keys generated by ssh-keygen -d, which makes something that looks like this:

ssh-dss AAAAB3NzaC1kc3MAAACBAJwc8NkF3ABXmHw7JP30f5pC7/L/ph3L1pQ1fJY3Ysejm463Wr/BIZLJAA1$
qYx5DfM2uMCuGjcD8M4fOH8xleA3dRNTdFDkLQ+OBIuivVFJlPRDfLcPf2M8nS9yUoIQ== admin@ns25004.free-dns.com

Fair, simple.

Now for some reason I have tried on an older machine ssh-keygen2, and it generates keys that look like THIS:

---- BEGIN SSH2 PUBLIC KEY ----
Subject: danm
Comment: "1024-bit dsa, danm@prime.gushi.org, Wed Nov 07 2001 00:19:30\
-0500"
AAAAB3NzaC1kc3MAAACBAJ/5BRuOu7a94unGW1ibM1q4vydPueq0FFjkNPl0gZuRwAzbHV
TfUVdj8300a/WXzoRxSCDat2aHUCMczyIC6Y99F+qeixyB3PZ/227BrSW1G9ZMp5tKBAOC
fWwR/aFBQkjr64cbdRYal/OLK1I9IeQrBmrjZUQrnkWDd6mfnrKXAAAAFQDEwVVSuSC9+J
ogy4cKTHKEX5lyhwAAAIAar/HT2IGy4+/EAJ/LcEfD34xRIZIhTkzMqI8dX0YbV4elpQCM
6mco2zLnQag8HNXExRGulJuR1XeGHiR9WoncxQs0eBlxAqMhy9jWA0NTCCdYWp0CbB7rUl
YzEprN0FlbQywW3cXw+NYgiMdqcW58sTeUYH/xHbfR0pEMQQb0ZQAAAIEAgtQMCXOpoJ/H
GR9CEAIrtj1BnT6BgWBeR03zgTxuqiF1SNJhEmxIzKvo4+jWbjplyja/32pQEFq0++o3sF
0JMSz34FUQ66+djl0XqFABUDfQjkVQGvgGS20SRwFsJg2jPMTDWeImmwMQG1NSTNlyk5Qd
A1YjYCygHuESzgjjTAc=
---- END SSH2 PUBLIC KEY ----

So how do I get THAT into an authorized_keys2 file?

It would seem that older versions of the program use a file called "Authorization" which simply lists filenames of keys, rather than keys themselves. But on newer machines, this file is not mentioned.

Am I right in assuming that ssh version 1 only uses rsa, and version 2 only uses dsa, and by default in newer freebsds, if you just type ssh -l username hostname, you're using version 2?

I'm confused. Some consistency would be great here.

-Dan Mahoney

--
Christ almighty... my EYES! They're melting!

-Zaren, Efnet #macintosh, in response to:
www.geocities.com/CollegePark/Classroom/1944
The WEBSITE DESIGN class that gave my fiancee a D.

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Web: http://prime.gushi.org
finger danm@prime.gushi.org
for pgp public key and tel#
---------------------------
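
The conversion asked about in the message above, as an added example that is not part of the original post or of any ssh distribution: a Python sketch that reads a key in the "---- BEGIN SSH2 PUBLIC KEY ----" layout, joins the wrapped base64 body, checks the algorithm name stored at the start of the key blob, and emits the one-line "ssh-dss AAAA... comment" form. The function names, the ALLOWED set and the sample key are assumptions constructed for illustration.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"
ALLOWED = {"ssh-dss", "ssh-rsa"}  # assumption: the key types this host accepts

def ssh2_to_openssh(text):
    """Turn one SSH2-format public key file into an authorized_keys2 line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY begin/end markers")
    inner, headers, body, i = lines[1:-1], {}, [], 0
    while i < len(inner):
        line = inner[i]
        i += 1
        if ":" in line and not body:  # headers come first; base64 has no ':'
            while line.endswith("\\") and i < len(inner):  # continued header
                line = line[:-1] + inner[i]
                i += 1
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        elif line:
            body.append(line)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)  # rejects stray characters
    # The blob begins with a 4-byte big-endian length and the algorithm name.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii", "replace")
    if n > len(blob) - 4 or key_type not in ALLOWED:
        raise ValueError("unexpected key type: %r" % key_type)
    comment = headers.get("comment", "")
    return " ".join(part for part in (key_type, b64, comment) if part)

def sample_key():
    """Constructed input: dummy bytes laid out like a DSA blob, not a real key."""
    fields = (b"ssh-dss", b"\x01" * 40, b"\x02" * 20, b"\x03" * 40, b"\x04" * 40)
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    b64 = base64.b64encode(blob).decode()
    wrapped = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    head = 'Subject: demo\nComment: "1024-bit dsa, demo@host.example, \\\nconstructed"'
    return "\n".join((BEGIN, head, wrapped, END)), b64

if __name__ == "__main__":
    print(ssh2_to_openssh(sample_key()[0]))
```

Checking the embedded algorithm name before appending the line keeps a mislabeled or damaged file out of authorized_keys2.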