1. SSH Notes
1.1. Public Key Authentication Between OpenSSH and SSH.com's SSH
OpenSSH and SSH.com's SSH use different formats for public keys and are configured differently. SSH.com's SSH uses the SECSH format, which is a draft RFC. OpenSSH's ssh-keygen has the ability to convert between the two formats.
- To convert a public key generated with OpenSSH to SECSH format, use:
  $ ssh-keygen -e -f OPENSSH_PUBLIC_KEY_FILE
  This prints the SECSH format to stdout, so you can either copy and paste it or redirect the output to a file.
- To convert from SECSH format to OpenSSH, use:
  $ ssh-keygen -i -f SECSH_PUBLIC_KEY_FILE
  Likewise, it prints to stdout.
- To permit an OpenSSH client to log in to SSH.com's SSH, create a file on the server in $HOME/.ssh2/authorization with the contents:
  Key SECSH_PUBLIC_KEY_FILE
  You then put the SECSH-formatted public key into $HOME/.ssh2/SECSH_PUBLIC_KEY_FILE. You can have multiple Key entries for multiple keys (there can be only one key per file).
- To permit an SSH.com client to log in to an OpenSSH server, create a file on the client in $HOME/.ssh2/identification with the contents IdKey id_dsa_2048_a (or whatever file your client key is in). Then copy the OpenSSH-formatted key to $HOME/.ssh/authorized_keys[2] on the OpenSSH server. authorized_keys is generally the preferred name for SSHv1 keys and authorized_keys2 is the preferred name for SSHv2 keys.
- In OpenSSH, you can concatenate multiple public keys to permit authentication from multiple accounts. I like to do the pubkey installation with:
  $ ssh SERVER "mkdir -p -m 700 .ssh; cat >> .ssh/authorized_keys2" < .ssh/PUB_KEY_FILE
  ssh will prompt for your password and read input on different file descriptors than stdout and stdin, so this works.
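The two conversions at the top of this section, as an added Python example (not from the original notes and not OpenSSH's code): it moves the same base64 key blob between the one-line OpenSSH form and the SECSH block, and rejects a key whose declared type differs from the type embedded in the blob. The sample key is constructed and the function names are this example's own.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob):
    """Return the key type, the first length-prefixed string in the blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key-type length")
    return blob[4:4 + n].decode("ascii")

def openssh_to_secsh(line):
    """'TYPE BASE64 [comment]' -> SECSH block (same structure as ssh-keygen -e)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if blob_key_type(blob) != parts[0]:
        raise ValueError("key type does not match blob")
    header = 'Comment: "%s"' % parts[2] if len(parts) == 3 else ""
    # Headers over 72 bytes need '\' continuation lines; this example omits them.
    out = [BEGIN] + ([header] if header and len(header) <= 72 else [])
    key = parts[1]
    out += [key[i:i + 70] for i in range(0, len(key), 70)]  # 72 bytes max per line
    return "\n".join(out + [END]) + "\n"

def secsh_to_openssh(text):
    """SECSH block -> 'TYPE BASE64' line (same structure as ssh-keygen -i)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SECSH begin/end markers")
    body, in_header = [], False
    for l in lines[1:-1]:
        if in_header or ":" in l:  # header line or its '\' continuation
            in_header = l.endswith("\\")
            continue
        body.append(l)
    b64 = "".join(body)
    return "%s %s" % (blob_key_type(base64.b64decode(b64, validate=True)), b64)

# Constructed sample blob (not a real key): type string plus 32 placeholder bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "ssh-ed25519 %s user@example" % base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    print(openssh_to_secsh(SAMPLE_LINE))
```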
1.2. Server Hopping
Let's say you've got a gateway ssh host that you have to log in to before logging into internal hosts. You're lazy and only want to type one command. Here's what you do:
$ ssh -t GATEWAY 'ssh user@host'
Pretty obvious, huh? Not sure why it took me too long to realize I could do it.
