Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys) - SSH

This is a discussion on Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys) - SSH ; Hi, I was wondering if it is possible to take a dsa public key generated by openssl and convert it to a ssh2 public key without knowing the private key. In my case I can't use ssh-keygen to generate the ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys)

  1. Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys)

    Hi,

    I was wondering if it is possible to take a dsa public key generated
    by openssl and convert it to a ssh2 public key without knowing the
    private key. In my case I can't use ssh-keygen to generate the
    original key since the key is being generated by some custom hardware
    that doesn't support it.

    I would like to convert from this:

    -----BEGIN PUBLIC KEY-----
    MIIBtzCCASwGByqGSM44BAEwggEfAoGBAMuauKgKUWd4WtyFZ5 Um/dsQ/ruEFp3v
    IU6oqP9oH6pPUYFVqhsQoIwgMtXHA3qaIxUdO3iT1yBiNJyH3G hZOrxTeZUjnwGq
    cYrriJv0pYA101RWFPhSSpabOtps2MXHhKh816xwxpWf3UAG+b mo8bV65tkaQftO
    XZr42Z/3U7O5AhUAzVh2K97rWmkSZpTIY2WmY8HVyMsCgYEAptxRCaqoo Umzg8rj
    Zo91rHt+N4CLmJu9QQiFfGXOcVw7Sj3yAARM0ZB+js76XJ9fF7 Xh88jr66zVEVuT
    7FW0/PqBdK0qp8Cx+LmtUQGwH4GHqfMqrj5R7MZ73t6JPQ7wf1QiAVq uhbvuHirE
    LmPSxxRadgbvOhIa6rr4d8kxkNADgYQAAoGASr7v1XmMm1SckA 1zHG00hn6volf/
    bFmGfBTpGYeh/1ZDQKCganmiABpuOk9Yk5YgQhOQQbRjjiXQR8s3j2JKQ/ckQzgI
    iTP8v1XFOkzl7z0gI/dUIqdR+M/Z5k01jCC6bSDrL0T7diDc9gxFMARrFxGUTG1x
    DMBUAd/yuOpQSjc=
    -----END PUBLIC KEY-----

    To this:

    ssh-dss AAAAB3NzaC1kc3MAAACBAL0FBWyDcbDyR+D+VyEaUk4q6jfRJH 3 (rest
    deleted)

    The end result would be copied to .ssh/authorized_keys so that the
    device can connect to a SFTP server running on a unix box without a
    password. Any help would be greatly appreciated.

    Thanks,

    John


  2. Re: Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys)

    wrote:
    > I was wondering if it is possible to take a dsa public key generated
    > by openssl and convert it to a ssh2 public key without knowing the
    > private key.


    It doesn't look infeasible to me. That base64-encoded blob is just
    ASN.1/BER (or perhaps I mean DER) encoding four integers of about
    the right sizes.

    I've just hacked up a quick piece of Python which I _think_ should
    generate the right data. You can find it at

    http://www.tartarus.org/~simon/keycvt.py

    I can't absolutely guarantee its correctness: I wrote it by staring
    very hard at the key data you posted and reverse-engineering the
    format, and there was one part of the format I didn't fully
    understand the reasons for so I can't be sure it'll look the same in
    other similarly generated keys. But it seems to work for that
    particular key at least, as far as I can tell (though of course
    without the corresponding private key I can't _actually_ test that
    it's really acceptable to OpenSSH).
    --
    Simon Tatham "loop, infinite _see_ infinite loop"
    - Index, Borland Pascal Language Guide

  3. Re: Converting from a openssl dsa key to a one line SSH2 key (for authorized_keys)

    jmq1234@gmail.com writes:

    >I was wondering if it is possible to take a dsa public key generated
    >by openssl and convert it to a ssh2 public key without knowing the
    >private key.


    Isn't that what

    ssh-keygen -i -f /path/to/public-key/file

    does? (I assume access to the openssl version of ssh-keygen)

    >I would like to convert from this:


    >-----BEGIN PUBLIC KEY-----
    >... (details removed)


    >To this:


    >ssh-dss AAAAB3NzaC1kc3MAAACBAL0FBWyDcbDyR+D+VyEaUk4q6jfRJH 3 (rest
    >deleted)


    That's the reverse of what you described, so you would need "-i"
    rather than "-e".

    --
    DO NOT REPLY BY EMAIL - The address above is a spamtrap.

    Neil W. Rickert, Computer Science, Northern Illinois Univ., DeKalb, IL 60115

+ Reply to Thread