Date: Wed, 7 Nov 2001 09:58:41 +0000 (GMT)
From: Jan Grant
To: "Dan Mahoney, System Admin"
Cc: questions
Subject: Re: Differences in ssh versions PLEASE HELP.

On Wed, 7 Nov 2001, Dan Mahoney, System Admin wrote:

> Okay, I'm at a large server farm where our tech accounts are on a local
> computer in a secure location. We figured that rather than trying to
> maintain passwords, we would implement key-based authentication.
>
> It makes no sense to me.
>
> One version of ssh uses a file called authorized_keys2, which actually
> contains the key modulus.
>
> This would presumably make sense with keys generated by ssh-keygen -d,
> which makes something that looks like this:
>
> ssh-dss
> AAAAB3NzaC1kc3MAAACBAJwc8NkF3ABXmHw7JP30f5pC7/L/ph3L1pQ1fJY3Ysejm463Wr/BIZLJAA1$
> qYx5DfM2uMCuGjcD8M4fOH8xleA3dRNTdFDkLQ+OBIuivVFJlPRDfLcPf2M8nS9yUoIQ==
> admin@ns25004.free-dns.com
>
> fair, simple.
>
> Now for some reason I have tried on an older machine ssh-keygen2, and it
> generates keys that look like THIS:
>
> ---- BEGIN SSH2 PUBLIC KEY ----
> Subject: danm
> Comment: "1024-bit dsa, danm@prime.gushi.org, Wed Nov 07 2001 00:19:30\
> -0500"
> AAAAB3NzaC1kc3MAAACBAJ/5BRuOu7a94unGW1ibM1q4vydPueq0FFjkNPl0gZuRwAzbHV
> TfUVdj8300a/WXzoRxSCDat2aHUCMczyIC6Y99F+qeixyB3PZ/227BrSW1G9ZMp5tKBAOC
> fWwR/aFBQkjr64cbdRYal/OLK1I9IeQrBmrjZUQrnkWDd6mfnrKXAAAAFQDEwVVSuSC9+J
> ogy4cKTHKEX5lyhwAAAIAar/HT2IGy4+/EAJ/LcEfD34xRIZIhTkzMqI8dX0YbV4elpQCM
> 6mco2zLnQag8HNXExRGulJuR1XeGHiR9WoncxQs0eBlxAqMhy9jWA0NTCCdYWp0CbB7rUl
> YzEprN0FlbQywW3cXw+NYgiMdqcW58sTeUYH/xHbfR0pEMQQb0ZQAAAIEAgtQMCXOpoJ/H
> GR9CEAIrtj1BnT6BgWBeR03zgTxuqiF1SNJhEmxIzKvo4+jWbjplyja/32pQEFq0++o3sF
> 0JMSz34FUQ66+djl0XqFABUDfQjkVQGvgGS20SRwFsJg2jPMTDWeImmwMQG1NSTNlyk5Qd
> A1YjYCygHuESzgjjTAc=
> ---- END SSH2 PUBLIC KEY ----
>
> So how do I get THAT into an authorized_keys2 file?
>
> It would seem that older versions of the program use a file called
> "Authorization" which simply lists filenames of keys, rather than keys
> themselves. But on newer machines, this file is not mentioned.
>
> Am I right in assuming that ssh version 1 only uses rsa, and version 2
> only uses dsa, and by default in newer freebsds, if you just type ssh -l
> username hostname, you're using version 2?
>
> I'm confused. Some consistency would be great here.

The latter is a ssh.com file - the former is openssh's file format.

    ssh-keygen -i -f .ssh2/... >> .ssh/authorized_keys2

(I think).

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
I shave with Occam's Razor.
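
The format conversion discussed in this thread, as an added example that is not part of the original messages and is not OpenSSH's own code: a small parser that turns an ssh.com-style public key file (the "---- BEGIN SSH2 PUBLIC KEY ----" layout quoted above) into the one-line form used in authorized_keys2. The function names are hypothetical and the sample key is constructed, not a real key.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def wire_string(data: bytes) -> bytes:
    """SSH wire string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def make_sample() -> str:
    """Constructed sample (not a real key): 'ssh-dss' plus four dummy fields."""
    blob = wire_string(b"ssh-dss") + b"".join(
        wire_string(bytes([i]) * 40) for i in range(1, 5))
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    headers = ["Subject: danm",
               'Comment: "1024-bit dsa, constructed sample, \\',
               'not a real key"']
    return "\n".join([BEGIN, *headers, *body, END]) + "\n"

def sshcom_to_openssh(text: str) -> str:
    """Return one authorized_keys2 line for an ssh.com-format public key."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY begin/end markers")
    headers, body = {}, []
    it = iter(lines[1:-1])
    for line in it:
        if ":" in line and not body:          # base64 never contains ':'
            while line.endswith("\\"):        # header continued on next line
                line = line[:-1] + next(it, "")
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        elif line:
            body.append(line)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)   # rejects non-base64 bytes
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("bad key-type length in blob")
    # The key type comes from inside the blob, not from any header.
    key_type = blob[4:4 + n].decode("ascii")
    comment = headers.get("comment", "")
    return " ".join(p for p in (key_type, b64, comment) if p)

if __name__ == "__main__":
    print(sshcom_to_openssh(make_sample()))
```

The output is a single line, so it can be appended to an authorized_keys2 file without the wrapped base64 or the header lines of the ssh.com layout.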