Re: OSX (OpenSSH) to GNU (SSH2) server authentication problems

From: Richard E. Silverman (slade@shore.net)
Date: 01/01/02


From: slade@shore.net (Richard E. Silverman)
Date: 31 Dec 2001 20:53:42 -0500


>>>>> "MM" == Mark Moorcroft <list@valleyofspeed.com> writes:

    MM> It's not clear to me why OSX keygen creates the public and private
    MM> keys in different formats?

I don't know whether you're referring to the fact that the corresponding
public and private key files for a single key are different, or that the
formats used for both by OpenSSH and SSH2 are different. However, in any
case there are no SSH-specific standards for any of this, so implementors
are free to do whatever they like.

>> This simply means that you have no hostkey entry at all on your OSX
>> box for the he.net server -- get its public hostkeys and place
>> entries for them in your personal or global known-hosts lists
>> (~/.ssh/known_hosts or /etc/ssh_known_hosts).

    MM> Would that be known_hosts2 ?? I had already done that many times
    MM> also.

OpenSSH versions 2.9.9 have dispensed with the "2"-suffixed files, looking
for all keys in a single file (though for now OpenSSH still reads the "2"
files as well).

>> This indicates that you already have a hostkey for your OSX box on the
>> client host, and it is incorrect; you need to replace it (in the file
>> indicated) with the current one.

    MM> I have done so many, many times with the same result. Both by file
    MM> transfer and copy/paste methods.

Are you sure you are using the host key, and not some key you generated
yourself for user authentication? Since you glossed over that distinction
in your first post, and again slipped into talking about public-key *user*
authentication at the end of this post, I am suspicious. To be specific:
you would need to convert the OpenSSH host key on the OSX box thus:

% ssh-keygen -e -f /etc/ssh_host_dsa_key.pub

and place the result in the indicated file on the SSH2 box.

-- 
  Richard Silverman
  slade@shore.net
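What the `ssh-keygen -e` conversion mentioned in the reply above does to a public key, shown as an added example that is not part of the original post and is not OpenSSH's own code. It rewraps an OpenSSH one-line public key in the SSH2 public key file layout (the one later documented in RFC 4716) and recovers the key blob from SSH2 text, so the entry installed on the SSH2 box can be compared with the host key actually in use. The sample key, its comment `root@osx.example`, and all function names are constructed for illustration.

```python
import base64
import struct
BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

def blob_key_type(blob: bytes) -> str:
    """Algorithm name stored as the first string inside a public key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_ssh2(pub_line: str) -> str:
    """Convert an OpenSSH '<type> <base64> [comment]' line to SSH2 file text."""
    fields = pub_line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    blob = base64.b64decode(fields[1], validate=True)
    # Rejects a truncated paste or a file that is not a public key at all.
    if blob_key_type(blob) != fields[0]:
        raise ValueError("key type does not match the encoded blob")
    b64 = base64.b64encode(blob).decode("ascii")
    out = [BEGIN]
    if len(fields) == 3:
        out.append('Comment: "%s"' % fields[2])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(out + [END]) + "\n"

def ssh2_to_blob(text: str) -> bytes:
    """Recover the raw key blob from SSH2 file text, skipping header lines."""
    body, in_key, cont = [], False, False
    for line in (l.strip() for l in text.splitlines()):
        if line == END:
            break
        if in_key and (cont or ":" in line):
            cont = line.endswith("\\")  # header line, possibly continued
        elif in_key:
            body.append(line)
        in_key = in_key or line == BEGIN
    return base64.b64decode("".join(body), validate=True)

# Constructed sample: correct wire layout, filler numbers, NOT a usable DSA key.
SAMPLE_BLOB = ssh_string(b"ssh-dss") + b"".join(
    ssh_string(bytes(range(1, n))) for n in (130, 22, 130, 130))
SAMPLE_LINE = "ssh-dss %s root@osx.example" % base64.b64encode(SAMPLE_BLOB).decode()
```

If `ssh2_to_blob()` of the file on the SSH2 side does not equal the decoded blob from the server's host key `.pub` file, the wrong key (for example a user authentication key) was installed.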