Re: Using existing keys
From: Roumen Petrov (openssh_at_roumenpetrov.info)
Date: Fri, 04 Feb 2005 22:08:49 +0200 To: Antony Gelberg <firstname.lastname@example.org>
You needed X.509 support for OpenSSH.
Please visit my page http://roumenpetrov.info/openssh and download diff
for appropriate OpenSSH version.
Antony Gelberg wrote:
> Hi all,
> We'd like to use certificates to ssh between machines in our network.
> The machines concerned already have X.509 certificates and private keys
> for use with openswan, and we would like to re-use these for ssh rather
> than generate new ones with ssh-keygen.
> I think all the files are in the right places (id_rsa, id_rsa.pub on the
> client, and a copy of the client public key in authorized_keys2).
> According to the server debug, there is a problem with the client public
> key in authorized_keys2. This was generated from the public key withthe
> command openssl rsa -in privatekey.pem -pubout > publickey.pem
> I generated a keypair with ssh_keygen for comparison purposes and there
> is a noticable difference in the format as follows.
> openssl-generated public key:
> -----BEGIN PUBLIC KEY-----
> -----END PUBLIC KEY-----
> ssh-keygen public key:
> How can I get sshd to work with the former style of public key, or is
> there any other workaround? We're using 3.8.1 on Linux at both ends.