- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with M...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 04:15 PM
тАО01-30-2009 04:15 PM
TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
However, if I try to copy the keys to my Mac OS X 10.5.6 laptop, the "sshkeygen -y -f id_dsa" command cannot read/load the copied private key to output the public key to stdout.
Has anyone else experienced issues in the compatibility of the format of SSH v2 DSA keys generated by TCPware and Mac OS X Leopard?
Best Regards,
Ted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 04:37 PM
тАО01-30-2009 04:37 PM
Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
which key format TCPware uses, but with
TCPIP, I'd expect you to need to use
"ssh-keygen -i":
http://developer.apple.com/documentation/Darwin/Reference/ManPages/man1/ssh-keygen.1.html
[...]
-i This option will read an unencrypted private (or public) key file in SSH2-compatible format and
print an OpenSSH compatible private (or public) key to stdout. ssh-keygen also reads the
`SECSH Public Key File Format'. This option allows importing keys from several commercial SSH
implementations.
[...]
I suspect that I did something like that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 04:46 PM
тАО01-30-2009 04:46 PM
Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
Also, when Mac OS X is requested to add a comment to an SSH v2 DSA key via the "-C" option, the comment only appears at the end of the public key file. There is no mention of it in the private key file. The TCPware SSH v2 DSA private and public keys both begin with:
Comment: "1024-bit dsa, user@host..."
The TCPware generated public key also contains a "Subject: user" line and the following begin/end tags:
---- BEGIN SSH2 PUBLIC KEY ----
---- END SSH2 PUBLIC KEY ----
The TCPware generated private key contains a "Subject: user" line, "Comment: ..." line, and begin/end tags as follows:
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
---- END SSH2 ENCRYPTED PRIVATE KEY ----
The Mac OS X generated public key contains no "Subject:" entry and contains no begin/end tags, however, the first line of the public key does start with the string "ssh-dss ". As previously stated, it ends with the comment string (if any) supplied when it was generated.
The Mac generated private key does contain begin/end tags as follows:
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----
Best Regards,
Ted Allen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 06:55 PM
тАО01-30-2009 06:55 PM
Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
Wouldn't be my first choice for text files,
but if they're Stream_LF, it shouldn't
matter.
> ---- BEGIN SSH2 PUBLIC KEY ----
That's how my TCPIP-generated key files look.
> -----BEGIN DSA PRIVATE KEY-----
That's how my converted key files look. I
actually converted my TCPIP-generated SSH2
key files to OpenSSH format on/for Solaris,
back when "-i" was spelled "-X", but the
results should all resemble each other.
On the Mac, as on any normal OpenSSH system,
things are in "~/.ssh", and they're organized
differently. For example, instead of having
key file names in "[.ssh2]authorization", you
have the actual key data in
"~/.ssh/authorized_keys"; instead of having a
key file name in "[.ssh2]identification", you
have the data in "~/.ssh/identity"; and so
on. (On my Mac, "~/.ssh/identity" is
actually a symlink to the key file.)
If you get your SSH2 key files converted, and
all the stuff installed in the right places,
then things should work.
alp $ tcpip show version
HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 7
on a COMPAQ Professional Workstation XP1000 running OpenVMS V7.3-2
alp $ ssh "-V"
alp$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell OpenVMS (
V5.5) 3.2.0 on COMPAQ Professional Workstation - VMS V7.3-2
alp $ ssh smacg4x "uname -a"
Authentication successful.
Darwin smacg4x.antinode.info 9.6.0 Darwin Kernel Version 9.6.0: Mon Nov 24 17:39
:01 PST 2008; root:xnu-1228.9.59~1/RELEASE_PPC Power Macintosh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 09:19 PM
тАО01-30-2009 09:19 PM
Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
Thanks for the responses. The "-i" option did the trick. I had used FTP to copy the public and private keys from my OpenVMS environment to my Mac (individually in ASCII mode and then as a zip file in Binary mode) and then just renamed them to what the Mac expected (id_dsa and ids_dsa.pub) which did not work.
With the "-i" option I simply redirected the output to the desired files and that resolved the issue:
# ssh-keygen -i -f ID_DSA_VMS >> id_dsa
# ssh-keygen -i -f ID_DSA_VMS.PUB >> id_dsa.pub
Now back to working on X11 keymapping and trying to figure out why I can launch the OpenVMS dtsession (CDE) session manager from the Mac while logged onto our corporate network directly but not when logged onto it via VPN.
Thanks again for the prompt and very helpful response.
Best Regards,
Ted Allen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-30-2009 09:40 PM
тАО01-30-2009 09:40 PM
Re: TCPware v5.8-2 SSH v2 Protocol DSA Keys with Mac OS X Client
I don't use it enough (and I'm too lazy) to
have solved all the DEL v. BS problems (et
c.) I have mapped PF1-PF4 onto F1-F4 to
avoid worries about Num-Lock, but I did that
on a system about 450 miles away (which I use
when I'm visiting there), so I don't have the
details handy.
> [...] but not when logged onto it via VPN.
X stuff is normally on (or near) port 6000,
so, once you do the right SET DISPLAY things,
you may need to worry about what gets blocked
by the fancy network software. It's bound to
be educational, though.