Re: OSX (OpenSSH) to GNU (SSH2) server authentication problems

From: Richard E. Silverman (
Date: 01/01/02

From: (Richard E. Silverman)
Date: 31 Dec 2001 20:53:42 -0500

>>>>> "MM" == Mark Moorcroft <> writes:

    MM> It's not clear to me why OSX keygen creates the public and private
    MM> keys in different formats?

I don't know whether you're referring to the fact that the corresponding
public and private key files for a single key are different, or that the
formats used for both by OpenSSH and SSH2 are different. However, in any
case there are no SSH-specific standards for any of this, so implementors
are free to do whatever they like.

>> This simply means that you have no hostkey entry at all on your OSX
>> box for the server -- get its public hostkeys and place
>> entries for them in your personal or global known-hosts lists
>> (~/.ssh/known_hosts or /etc/ssh_known_hosts).

    MM> Would that be known_hosts2 ?? I had already done that many times
    MM> also.

OpenSSH versions 2.9.9 have dispensed with the "2"-suffixed files, looking
for all keys in a single file (though for now OpenSSH still reads the "2"
files as well).

>> This indicates that you already have a hostkey for your OSX box on the
>> client host, and it is incorrect; you need to replace it (in the file
>> indicated) with the current one.

    MM> I have done so many, many times with the same result. Both by file
    MM> transfer and copy/paste methods.

Are you sure you are using the host key, and not some key you generated
yourself for user authentication? Since you glossed over that distinction
in your first post, and again slipped into talking about public-key *user*
authentication at the end of this post, I am suspicious. To be specific:
you would need to convert the OpenSSH host key on the OSX box thus:

% ssh-keygen -e -f /etc/

and place the result in the indicated file on the SSH2 box.

  Richard Silverman

Relevant Pages

  • Re: Using RSA key _and_ password
    ... OpenSSH should be able to do this. ... "As a second authentication method, ssh supports RSA based ... The scheme is based on public-key cryptography: ...
  • Re: client / OpenSSH server / RSA key auth
    ... Now I have my Puttygen generated RSA keypair, and exported the priv ... OpenSSH key to the server, deriving the public key with "ssh-keygen -y ... > keys betwen and OpenSSH formats. ... > but imports and exports both the others.) ...
  • Failed publickey authentication
    ... I'm trying to set up public-key authentication on a SCO OpenServer but ... the OpenSSH 3.0.1'sshd -d' output keeps gives me: ... FTP the 3 public keys into the server's /tmp directory: ...
  • Re: and openssh publickey authentication problem
    ... If you look at the contents of your various public-key files, ... that OpenSSH and use different formats. ... format which the server expects. ...
  • Re: authorized key login Solaris/linux
    ... they are the same -- or more precisely, they are the same for protocol ... BM> redirect it. ... OpenSSH and formats, not SSH1. ...