Public key format problems - VMS

This is a discussion on Public key format problems - VMS ; I'm trying to get SSH1 RSA-key authentication to work. But the file format the Multinet server wants seems very different than what my client is generating. The client I'm trying to use is SecureCRT from VanDyke Software. I've asked it ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Public key format problems

  1. Public key format problems

    I'm trying to get SSH1 RSA-key authentication to work. But the file
    format the Multinet server wants seems very different than what my client
    is generating. The client I'm trying to use is SecureCRT from VanDyke
    Software. I've asked it to generate an RSA keypair. The public key it
    generated looks like this:

    ---- BEGIN SSH2 PUBLIC KEY ----
    Subject: rmoore
    Comment: "rmoore@rsa-work"
    ModBitSize: 1024
    AAAAB3NzaC1yc2EAAAADAQABAAAAgQDVJK7ZwyVo4AEa+MHQqP 0LMuGhIjipat2AIuh7
    GPxwWdB1YSjDbuLhSGrKjYfD74JmUUCEpmzqnOd6tLhH+LHa0P I5QSpR6hH/7MXa0y7A
    2Rg0EjqLgzdY9lTMsamKUhrB5K3umwvyaMbJu+UMNx3M8stXLP rc6EkjXqndYyoM+w==
    ---- END SSH2 PUBLIC KEY ----

    Now I go over to my VMS server and it wants something in the
    authorized_keys file which gives the number of bits, the exponent, and
    the modulus of the key. And it looks like all those things are suppsed to
    be numbers. I certainly don't see a number in the above generated key.

    How do I convert the above key into something the SSH1 server will
    consume? So far the SSH1 server is not interested in doing an RSA
    authenticated connection.

    Eventually we're going to get SSH2 going, and I'm fearing I'm going to
    have the same type of problem for that eventually. Here's an example of
    my SSH2 DSS key... how do I convert this so Multinet can use it?

    ---- BEGIN SSH2 PUBLIC KEY ----
    Subject: rmoore
    Comment: "rmoore@work"
    AAAAB3NzaC1kc3MAAACBALZyvlMA6+t0lN9982CpI+8WUmaM4Q 0amx5aMr4p1TtPw8Kw
    Ith2LuVAncYCxNYMBvBZWskkpSWNwApiWqQ0TjxhXRSHZT13wP dPC1NHDM5JAbA4SUWu
    dm/yGT7VjLrdRZefHmG8ihuMhgMhCMz9PQXLRbBQeNBBvkAr4RG7s +/NAAAAFQDGkSZX
    Y00vTqJw82kucAtUJI/V3QAAAIBBiFjf0rCCbyWd92hsujDUCHAl6dKs1fR9usanp9HQ
    Se9GI/e6x4jKWLmDxhWyyMRzVPGgenhxQurfGJ4nMgPn9sVXZW5iiBjH rj/+mqqe2EPg
    +cRtEuqx3yFHQCZX7CfS2WNLps2JJb2M3JRypeVo67S4zrTq1j WpD/4qSIDQrQAAAIEA
    o/O6ck5wNDw9N25fwuILCXq1za/FayQcN0SRxxXqIOhrjDe5mpcrvT1jvQI+SUnyII8G
    Qx5fj+H0hTwdoX10O+vSFFWfyrzn0FugnIezx6tluQfzsDdZEZ rFCgzxvtQlveHJVqzm
    jpZZQhS+xiEhLzetUHEJ0dHwS6qx7lvtFlM=
    ---- END SSH2 PUBLIC KEY ----

    -Ryan



  2. Re: Public key format problems

    Hi,

    Ryan Moore wrote:
    > Eventually we're going to get SSH2 going, and I'm fearing I'm going to
    > have the same type of problem for that eventually. Here's an example of
    > my SSH2 DSS key... how do I convert this so Multinet can use it?


    With SSH2, I've just been trying to do the very same thing. As far as I
    can tell, that is the correct format - at least, I tried copying the
    public key file as-is from SecureCRT:

    (1) Copy it to the [.SSH2] subdirectory of the SYS$LOGIN of the user
    you want to be able to authenticate as with that key, say as filename
    KEY.PUB. Perhaps use an FTP ASCII transfer to ensure newlines get
    handled correctly.

    (2) Create file [.SSH2]AUTHORIZATION with line:
    KEY KEY.PUB

    (3) Ensure your SSHD2_CONFIG. is set up to allow public key
    authentication - may be default, but "AllowedAuthentications publickey"
    may be appropriate.

    However, while this approach has worked for me under VMS 8.3 Alpha with
    TCPIP services 5.6, under VMS 7.3 VAX with TCPware 5.7-2, so it might
    work for you, it did *not* work for me on the latest MultiNet 5.1 under
    VMS 8.3 Alpha.

    I yesterday posted a load of debugging info on comp.os.vms under
    subject "MultiNet 5.1 public key authentication fails on PuTTY,
    SecureCRT" - it seems to come down to the server accepting the key as
    valid, then rejecting the signature performed by the client. A
    SecureCRT dialog reports: "The server recognized your public key... but
    none of the known signature mechanisms were accepted." However,
    authentication from an OpenSSH client works fine!

    (I can repost client and server debugging logs and keys here if anyone
    would be interested - the local news server doesn't carry this group so
    I didn't find it until this morning.)

    Regards,

    --
    Tom Garcia | tgarcia-REMOVE-THIS@hivemind.org


+ Reply to Thread