
SSH2 Client to SSH3 Server "non-password" fails

 
Mark_541
Frequent Advisor

SSH2 Client to SSH3 Server "non-password" fails

Hello,

I have an SSH2 client (HP-UX 11) that has to connect to an SSH3 server (HP-UX 11).

I have followed the procedure using ssh-keygen and copying the key from the client id_rsa_2048_b.pub (SSH2) to the server authorized_keys.

However, I still have the prompt to enter the password. :-(

I have attached an SSH session using the debug mode (v).

BR

Mark_541
Frequent Advisor

Re: SSH2 Client to SSH3 Server "non-password" fails

Here is the trace.
Matti_Kurkela
Honored Contributor
Solution

Re: SSH2 Client to SSH3 Server "non-password" fails

There are currently two main variants of SSH: OpenSSH-related ones and the commercial ones. They are interoperable, but there are some differences in key storage and management.

For OpenSSH-related SSHs, the public key is formatted as a single *long* line of text.

For commercial SSHs, it is a multi-line block of text with "---- BEGIN SSH2 PUBLIC KEY ----" and "---- END SSH2 PUBLIC KEY ----" delimiters.

Your server seems to be OpenSSH-related, so the public key should be appended to .ssh/authorized_keys as you seem to have done. However, the key *MUST* be in OpenSSH format for this to work. You can convert the key with the *OpenSSH-related* ssh-keygen utility with this command:
ssh-keygen -i -f id_rsa_2048_b.pub >opensshformat.pub

Remove the commercial-style key from the authorized_keys file and put the converted key in there.

In addition, with a commercial SSH client (as you seem to have), you must define which key you are going to use for authentication at the client end. This is done by creating a file named .ssh2/identification. It should contain a directive "IdKey" and the name of the private key you want to use. In your case, it would probably be:
IdKey id_rsa_2048_b

Without this, the commercial SSH client won't even try to use the key for authentication (you can see in the trace that the client is looking for /home/user1/.ssh2/identification but is unable to open it, probably because it does not exist).
MK
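
The format difference described in the answer above, as an added example that is not part of the original post: a small Python converter that turns the multi-line commercial SSH2 block into the single-line OpenSSH form, plus a check that flags an unconverted block left in an authorized_keys file. The function names are illustrative and the sample key is a constructed filler value, not a real key.

```python
# Added example; function names are illustrative, sample key is constructed.
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh2_to_openssh(block: str) -> str:
    """Turn a multi-line SSH2-format public key into one OpenSSH authorized_keys line."""
    body = [ln.strip() for ln in block.strip().splitlines()]
    if len(body) < 3 or body[0] != BEGIN or body[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY delimiters")
    comment, b64, lines = "", [], iter(body[1:-1])
    for line in lines:
        if ":" in line:                      # header line; base64 never contains ':'
            while line.endswith("\\"):       # header continued on the next line
                line = line[:-1] + next(lines, "")
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64.append(line)
    blob = base64.b64decode("".join(b64), validate=True)
    (n,) = struct.unpack(">I", blob[:4])     # blob begins with a length-prefixed key type
    key_type = blob[4:4 + n].decode("ascii")
    one_line = base64.b64encode(blob).decode("ascii")
    return " ".join(p for p in (key_type, one_line, comment) if p)

def misplaced_ssh2_keys(authorized_keys: str) -> list:
    """Line numbers in an authorized_keys file where an unconverted SSH2 block starts."""
    return [i for i, ln in enumerate(authorized_keys.splitlines(), 1) if ln.strip() == BEGIN]

def _field(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data

# Constructed sample: structurally valid ssh-rsa blob with a filler modulus, not a real key.
SAMPLE_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + b"\xc3" * 256)
_b64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_SSH2 = "\n".join(
    [BEGIN, 'Comment: "constructed sample, \\', 'not a real key"']
    + [_b64[i:i + 70] for i in range(0, len(_b64), 70)]
    + [END]
)

if __name__ == "__main__":
    print(ssh2_to_openssh(SAMPLE_SSH2))
    print("unconverted blocks at lines:", misplaced_ssh2_keys(SAMPLE_SSH2))
```
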
Mark_541
Frequent Advisor

Re: SSH2 Client to SSH3 Server "non-password" fails

Hello Matti,

I will try this, but for sure you have guessed the whole thing: yes, the client is commercial SSH2 and the server is OpenSSH v3.

Any other advice regarding the config file on the SSH2 client (ssh_config or sshd_config)? Enabling RSA auth, for instance, etc.

Thanks in advance
Mark_541
Frequent Advisor

Re: SSH2 Client to SSH3 Server "non-password" fails

Well done Matti :-)

Thanks a lot.