SSH2 to SSH1 Without Password - SSH

This is a discussion on SSH2 to SSH1 Without Password - SSH ; Hi everyone, I'm looking for a way to go from a linux machine with ssh2 (openssh 3.9) to a linux machine with ssh1 (openssh 3.1) without a password. This works fine on all of my ssh1 machines, where I can ...

+ Reply to Thread
Results 1 to 18 of 18

Thread: SSH2 to SSH1 Without Password

  1. SSH2 to SSH1 Without Password

    Hi everyone,

    I'm looking for a way to go from a linux machine with ssh2 (openssh
    3.9) to a linux machine with ssh1 (openssh 3.1) without a password.
    This works fine on all of my ssh1 machines, where I can just generate a
    public key and paste it into the authorized_keys2 file on the server.
    But the public keys are different in ssh2 and although I've tried to
    generate a key and paste it over, it doesn't work. They're just not in
    the same format. What's the proper way to enable the ssh2 machine to
    ssh to the ssh1 machine without passwords?

    Thanks,
    Sean Feeney


  2. Re: SSH2 to SSH1 Without Password

    >>>>> "AuGuR" == AuGuR writes:

    AuGuR> Hi everyone, I'm looking for a way to go from a linux machine
    AuGuR> with ssh2 (openssh 3.9) to a linux machine with ssh1 (openssh
    AuGuR> 3.1) without a password. This works fine on all of my ssh1
    AuGuR> machines, where I can just generate a public key and paste it
    AuGuR> into the authorized_keys2 file on the server. But the public
    AuGuR> keys are different in ssh2 and although I've tried to generate
    AuGuR> a key and paste it over, it doesn't work. They're just not in
    AuGuR> the same format. What's the proper way to enable the ssh2
    AuGuR> machine to ssh to the ssh1 machine without passwords?

    ssh-keygen -t rsa1

    --
    Richard Silverman
    res@qoxp.net


  3. Re: SSH2 to SSH1 Without Password

    Already tried...gives this error message:

    Error: unknown key type.


  4. Re: SSH2 to SSH1 Without Password

    AuGuR wrote:
    > Already tried...gives this error message:
    >
    > Error: unknown key type.
    >


    Gen the key on the ssh1 box.

  5. Re: SSH2 to SSH1 Without Password

    Okay, I generated the key on the ssh1 box and placed it in the
    following files on the ssh2 box:

    /root/.ssh2/authorization (added a Key pointing to--)
    /root/.ssh2/id_dsa_HOSTNAME_root.pub
    /root/.ssh2/hostkeys/key_22_HOSTNAME.pub
    /root/.ssh/authorized_keys2
    /root/.ssh/known_hosts

    None of these worked...it's still prompting for password. Is there a
    special place I need to put it?


  6. Re: SSH2 to SSH1 Without Password

    >>>>> "AuGuR" == AuGuR writes:

    AuGuR> Okay, I generated the key on the ssh1 box and placed it in the
    AuGuR> following files on the ssh2 box:

    AuGuR> /root/.ssh2/authorization (added a Key pointing to--)
    AuGuR> /root/.ssh2/id_dsa_HOSTNAME_root.pub
    AuGuR> /root/.ssh2/hostkeys/key_22_HOSTNAME.pub
    AuGuR> /root/.ssh/authorized_keys2 /root/.ssh/known_hosts

    AuGuR> None of these worked...it's still prompting for password. Is
    AuGuR> there a special place I need to put it?

    Ah. By "ssh2", you mean the software from ssh.com. That's confusing,
    because in your original post you indicated you had OpenSSH on both sides.

    You need to convert the public key with the OpenSSH:

    ssh-keygen -e -f

    --
    Richard Silverman
    res@qoxp.net


  7. Re: SSH2 to SSH1 Without Password

    No, I'm running openssh on both sides with version #'s as listed in my
    original post.

    Richard E. Silverman wrote:
    > Ah. By "ssh2", you mean the software from ssh.com. That's confusing,
    > because in your original post you indicated you had OpenSSH on both sides.
    >
    > You need to convert the public key with the OpenSSH:
    >
    > ssh-keygen -e -f



  8. Re: SSH2 to SSH1 Without Password

    AuGuR wrote:
    > Okay, I generated the key on the ssh1 box and placed it in the
    > following files on the ssh2 box:
    >
    > /root/.ssh2/authorization (added a Key pointing to--)
    > /root/.ssh2/id_dsa_HOSTNAME_root.pub
    > /root/.ssh2/hostkeys/key_22_HOSTNAME.pub
    > /root/.ssh/authorized_keys2
    > /root/.ssh/known_hosts
    >
    > None of these worked...it's still prompting for password. Is there a
    > special place I need to put it?
    >


    Which key did you place on the ssh2 box? I was thinking to try putting
    the private key there and the public key on the ssh1 box in the
    authorized_keys file.

  9. Re: SSH2 to SSH1 Without Password

    >>>>> "AuGuR" == AuGuR writes:

    AuGuR> No, I'm running openssh on both sides with version #'s as
    AuGuR> listed in my original post.

    The files you indicated: .ssh2, authorzation, "key" lines in that file,
    etc. are only used by the Tectia SSH server software from ssh.com.

    AuGuR> Richard E. Silverman wrote:
    >> Ah. By "ssh2", you mean the software from ssh.com. That's
    >> confusing, because in your original post you indicated you had
    >> OpenSSH on both sides.
    >>
    >> You need to convert the public key with the OpenSSH:
    >>
    >> ssh-keygen -e -f



    --
    Richard Silverman
    res@qoxp.net


  10. Re: SSH2 to SSH1 Without Password

    Chuck wrote:
    > Which key did you place on the ssh2 box? I was thinking to try putting
    > the private key there and the public key on the ssh1 box in the
    > authorized_keys file.


    I placed the dsa key generated by the ssh1 box onto the ssh2 box in all
    of the places listed above. When I generate a key on the ssh2 box it
    generates in 2048-bit rsa that the ssh1 box would not understand. As
    Richard said I need to generate an rsa1 key, but the ssh2 installed
    doesn't seem to know what that is.


  11. Re: SSH2 to SSH1 Without Password

    Richard E. Silverman wrote:
    > The files you indicated: .ssh2, authorzation, "key" lines in that file,
    > etc. are only used by the Tectia SSH server software from ssh.com.


    Interesting...where does Tectia install to? Because the openssh is also
    installed if that is, and perhaps I just need to remove the Tectia
    version.


  12. Re: SSH2 to SSH1 Without Password

    >
    > Richard E. Silverman wrote:
    > > The files you indicated: .ssh2, authorzation, "key" lines in that file,
    > > etc. are only used by the Tectia SSH server software from ssh.com.

    >
    > Interesting...where does Tectia install to? Because the openssh is also
    > installed if that is, and perhaps I just need to remove the Tectia
    > version.


    This has become too confusing. First you mentioned an authorized_keys2
    file, which implies the OpenSSH server; then you talked about editing
    ~/.ssh2/authorization, which implies the Tectia server. Why did you
    mention the latter at all? And what do you mean by the terms "ssh1" and
    "ssh2"? Software versions? Software packages? Protocol versions? It is
    entirely unclear.

    Include an ssh -vv trace so we can see exactly what you're doing.

    --
    Richard Silverman
    res@qoxp.net


  13. Re: SSH2 to SSH1 Without Password

    ROOT@SSH2MACHINE:/> ssh -vv SSH1MACHINE
    debug: Connecting to SSH1MACHINE, port 22... (SOCKS not used)
    debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version:
    SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    debug: client supports 3 auth methods:
    'publickey,keyboard-interactive,password'
    debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip =
    43.145.106.43, local port = 60321
    debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip =
    162.49.73.103, remote port = 22
    debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize:
    Initializing ReadLine...
    debug: Remote version: SSH-1.99-OpenSSH_3.1p1
    debug: OpenSSH: Major: 3 Minor: 1 Revision: 0
    debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions
    of OpenSSH handle kex guesses incorrectly.
    debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `',
    lang c to s: `'
    debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher
    aes128-cbc, mac hmac-sha1, compression none
    debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher
    aes128-cbc, mac hmac-sha1, compression none
    debug: Remote host key found from database.
    debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received
    SSH_CROSS_STARTUP packet from connection protocol.
    debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received
    SSH_CROSS_ALGORITHMS packet from connection protocol.
    debug: server offers auth methods
    'publickey,password,keyboard-interactive'.
    debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1800/ssh_client_auth_pubkey:
    Starting pubkey auth...
    debug:
    Ssh2AuthPubKeyClient/authc-pubkey.c:1757/ssh_client_auth_pubkey_agent_open_complete:
    Agent is not running.
    debug:
    Ssh2AuthPubKeyClient/authc-pubkey.c:1555/ssh_client_auth_pubkey_agent_list_complete:
    Got 0 keys from the agent.
    debug:
    Ssh2AuthPubKeyClient/authc-pubkey.c:1672/ssh_client_auth_pubkey_add_file_keys:
    adding keyfile "/root/.ssh2/id_dsa_2048_a" to candidates
    debug:
    Ssh2AuthPubKeyClient/authc-pubkey.c:1535/ssh_client_auth_pubkey_add_candidates:
    Trying 1 key candidates.
    debug: server offers auth methods
    'publickey,password,keyboard-interactive'.
    debug:
    Ssh2AuthPubKeyClient/authc-pubkey.c:989/ssh_client_auth_pubkey_try_this_candidate:
    All keys declined by server, disabling method.
    debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method
    'publickey' disabled.
    debug: server offers auth methods
    'publickey,password,keyboard-interactive'.
    debug:
    Ssh2AuthKbdInteractiveClient/authc-kbd-interactive.c:342/ssh_client_auth_kbd_interact:
    Starting kbd-int auth...
    debug: server offers auth methods
    'publickey,password,keyboard-interactive'.
    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
    Starting password auth...
    root's password:


  14. Re: SSH2 to SSH1 Without Password


    You are *not* using OpenSSH on the client machine; this is Tectia.

    > ROOT@SSH2MACHINE:/> ssh -vv SSH1MACHINE
    > debug: Connecting to SSH1MACHINE, port 22... (SOCKS not used)
    > debug: Ssh2Transport/trcommon.c:3676/ssh_tr_create: My version:
    > SSH-1.99-3.2.9.1 SSH Secure Shell (non-commercial)
    > debug: client supports 3 auth methods:
    > 'publickey,keyboard-interactive,password'
    > debug: Ssh2Common/sshcommon.c:537/ssh_common_wrap: local ip =
    > 43.145.106.43, local port = 60321
    > debug: Ssh2Common/sshcommon.c:539/ssh_common_wrap: remote ip =
    > 162.49.73.103, remote port = 22
    > debug: SshConnection/sshconn.c:1945/ssh_conn_wrap: Wrapping...
    > debug: SshReadLine/sshreadline.c:2427/ssh_readline_eloop_initialize:
    > Initializing ReadLine...
    > debug: Remote version: SSH-1.99-OpenSSH_3.1p1
    > debug: OpenSSH: Major: 3 Minor: 1 Revision: 0
    > debug: Ssh2Transport/trcommon.c:973/ssh_tr_input_version: All versions
    > of OpenSSH handle kex guesses incorrectly.
    > debug: Ssh2Transport/trcommon.c:1367/ssh_tr_negotiate: lang s to c: `',
    > lang c to s: `'
    > debug: Ssh2Transport/trcommon.c:1433/ssh_tr_negotiate: c_to_s: cipher
    > aes128-cbc, mac hmac-sha1, compression none
    > debug: Ssh2Transport/trcommon.c:1436/ssh_tr_negotiate: s_to_c: cipher
    > aes128-cbc, mac hmac-sha1, compression none
    > debug: Remote host key found from database.
    > debug: Ssh2Common/sshcommon.c:332/ssh_common_special: Received
    > SSH_CROSS_STARTUP packet from connection protocol.
    > debug: Ssh2Common/sshcommon.c:382/ssh_common_special: Received
    > SSH_CROSS_ALGORITHMS packet from connection protocol.
    > debug: server offers auth methods
    > 'publickey,password,keyboard-interactive'.
    > debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1800/ssh_client_auth_pubkey:
    > Starting pubkey auth...
    > debug:
    > Ssh2AuthPubKeyClient/authc-pubkey.c:1757/ssh_client_auth_pubkey_agent_open_complete:
    > Agent is not running.
    > debug:
    > Ssh2AuthPubKeyClient/authc-pubkey.c:1555/ssh_client_auth_pubkey_agent_list_complete:
    > Got 0 keys from the agent.
    > debug:
    > Ssh2AuthPubKeyClient/authc-pubkey.c:1672/ssh_client_auth_pubkey_add_file_keys:
    > adding keyfile "/root/.ssh2/id_dsa_2048_a" to candidates
    > debug:
    > Ssh2AuthPubKeyClient/authc-pubkey.c:1535/ssh_client_auth_pubkey_add_candidates:
    > Trying 1 key candidates.
    > debug: server offers auth methods
    > 'publickey,password,keyboard-interactive'.
    > debug:
    > Ssh2AuthPubKeyClient/authc-pubkey.c:989/ssh_client_auth_pubkey_try_this_candidate:
    > All keys declined by server, disabling method.
    > debug: Ssh2AuthClient/sshauthc.c:319/ssh_authc_completion_proc: Method
    > 'publickey' disabled.
    > debug: server offers auth methods
    > 'publickey,password,keyboard-interactive'.
    > debug:
    > Ssh2AuthKbdInteractiveClient/authc-kbd-interactive.c:342/ssh_client_auth_kbd_interact:
    > Starting kbd-int auth...
    > debug: server offers auth methods
    > 'publickey,password,keyboard-interactive'.

    debug: Ssh2AuthPasswdClient/authc-passwd.c:105/ssh_client_auth_passwd:
    Starting password auth...
    root's password:


    --
    Richard Silverman
    res@qoxp.net


  15. Re: SSH2 to SSH1 Without Password

    On 2006-07-28, AuGuR wrote:

    > of the places listed above. When I generate a key on the ssh2 box it
    > generates in 2048-bit rsa that the ssh1 box would not understand. As


    What I think you want is a plaintext rsa key to which you can afterward
    add a passphrase. Does -P with ssh-keygen get you a plaintext key?

    Stop thinking of OpenSSH as ssh1. It isn't and you will need OpenSSH
    performing protocol 2 to use it with a commercial ssh2 program.
    In fact if you look in ssh_config and sshd_config and set Protocol
    to 2 (only) maybe you'll find it easier to follow what happens.

    --
    Elvis Notargiacomo master AT barefaced DOT cheek
    http://www.notatla.org.uk/goen/
    One of my other 11 computers runs Minix.

  16. Re: SSH2 to SSH1 Without Password

    >>>>> "AMR" == all mail refused writes:

    AMR> On 2006-07-28, AuGuR wrote:
    >> of the places listed above. When I generate a key on the ssh2 box
    >> it generates in 2048-bit rsa that the ssh1 box would not
    >> understand. As


    AMR> What I think you want is a plaintext rsa key to which you can
    AMR> afterward add a passphrase. Does -P with ssh-keygen get you a
    AMR> plaintext key?

    AMR> Stop thinking of OpenSSH as ssh1. It isn't and you will need
    AMR> OpenSSH performing protocol 2 to use it with a commercial ssh2
    AMR> program.

    Actually, Tectia does support protocol 1.

    --
    Richard Silverman
    res@qoxp.net


  17. Re: SSH2 to SSH1 Without Password

    So back to the question...how do I remove Tectia and just use the built
    in OpenSSH?

    Thanks,
    Sean

    Richard E. Silverman wrote:
    > You are *not* using OpenSSH on the client machine; this is Tectia.



  18. Re: SSH2 to SSH1 Without Password

    >>>>> "AuGuR" == AuGuR writes:

    AuGuR> So back to the question...how do I remove Tectia and just use
    AuGuR> the built in OpenSSH?

    How should I know? It depends on how it was installed. If you're lucky,
    perhaps it was installed via a package manager (dpkg, rpm, etc.) and it's
    easy. If you're unlucky, you'll have to track it down and rip it
    out by hand.

    AuGuR> Thanks, Sean

    AuGuR> Richard E. Silverman wrote:
    >> You are *not* using OpenSSH on the client machine; this is Tectia.



    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread