Date: Wed, 7 Nov 2001 01:14:25 -0500 (EST)
From: "Dan Mahoney, System Admin" <danm@prime.gushi.org>
To: questions@freebsd.org
Subject: Differences in ssh versions PLEASE HELP.
Message-ID: <Pine.BSF.4.21.0111070108100.33635-100000@prime.gushi.org>

Okay, I'm at a large server farm where our tech accounts are on a local computer in a secure location. We figured that rather than trying to maintain passwords, we would implement key-based authentication.

It makes no sense to me. One version of ssh uses a file called authorized_keys2, which actually contains the key modulus. This would presumably make sense with keys generated by ssh-keygen -d, which makes something that looks like this:

ssh-dss AAAAB3NzaC1kc3MAAACBAJwc8NkF3ABXmHw7JP30f5pC7/L/ph3L1pQ1fJY3Ysejm463Wr/BIZLJAA1$
qYx5DfM2uMCuGjcD8M4fOH8xleA3dRNTdFDkLQ+OBIuivVFJlPRDfLcPf2M8nS9yUoIQ== admin@ns25004.free-dns.com

Fair, simple.

Now for some reason I have tried on an older machine ssh-keygen2, and it generates keys that look like THIS:

---- BEGIN SSH2 PUBLIC KEY ----
Subject: danm
Comment: "1024-bit dsa, danm@prime.gushi.org, Wed Nov 07 2001 00:19:30\
-0500"
AAAAB3NzaC1kc3MAAACBAJ/5BRuOu7a94unGW1ibM1q4vydPueq0FFjkNPl0gZuRwAzbHV
TfUVdj8300a/WXzoRxSCDat2aHUCMczyIC6Y99F+qeixyB3PZ/227BrSW1G9ZMp5tKBAOC
fWwR/aFBQkjr64cbdRYal/OLK1I9IeQrBmrjZUQrnkWDd6mfnrKXAAAAFQDEwVVSuSC9+J
ogy4cKTHKEX5lyhwAAAIAar/HT2IGy4+/EAJ/LcEfD34xRIZIhTkzMqI8dX0YbV4elpQCM
6mco2zLnQag8HNXExRGulJuR1XeGHiR9WoncxQs0eBlxAqMhy9jWA0NTCCdYWp0CbB7rUl
YzEprN0FlbQywW3cXw+NYgiMdqcW58sTeUYH/xHbfR0pEMQQb0ZQAAAIEAgtQMCXOpoJ/H
GR9CEAIrtj1BnT6BgWBeR03zgTxuqiF1SNJhEmxIzKvo4+jWbjplyja/32pQEFq0++o3sF
0JMSz34FUQ66+djl0XqFABUDfQjkVQGvgGS20SRwFsJg2jPMTDWeImmwMQG1NSTNlyk5Qd
A1YjYCygHuESzgjjTAc=
---- END SSH2 PUBLIC KEY ----

So how do I get THAT into an authorized_keys2 file?

It would seem that older versions of the program use a file called "Authorization" which simply lists filenames of keys, rather than keys themselves. But on newer machines, this file is not mentioned.

Am I right in assuming that ssh version 1 only uses rsa, and version 2 only uses dsa, and by default in newer freebsds, if you just type ssh -l username hostname, you're using version 2?

I'm confused. Some consistency would be great here.

-Dan Mahoney

--

<Zaren> Christ almighty... my EYES! They're melting!

-Zaren, Efnet #macintosh, in response to:
www.geocities.com/CollegePark/Classroom/1944
The WEBSITE DESIGN class that gave my fiancee a D.

--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Web: http://prime.gushi.org
finger danm@prime.gushi.org
for pgp public key and tel#
---------------------------
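
Added example, not part of the original message and not code from any SSH distribution: converting a key block in the `---- BEGIN SSH2 PUBLIC KEY ----` format shown above into the one-line form that authorized_keys2 holds, checking the key type embedded in the blob before the line is emitted. The function names, the allowed key types and the sample block are assumptions made for this example; the sample carries filler bytes, not a real key.

```python
import base64
import struct
import textwrap

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def ssh2_to_openssh(text, allowed=("ssh-dss", "ssh-rsa")):
    """Turn an SSH2-format public key block into one authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 BEGIN/END markers")
    body, headers, b64, i = lines[1:-1], {}, [], 0
    while i < len(body):
        ln = body[i]
        if ":" in ln and not b64:  # "Tag: value" headers precede the base64 body
            while ln.endswith("\\") and i + 1 < len(body):  # backslash = continued
                i += 1
                ln = ln[:-1] + body[i]
            tag, value = ln.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        elif ln:
            b64.append(ln)
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    # The decoded blob begins with a length-prefixed key type such as "ssh-dss".
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    if len(blob) < 4 + n or key_type not in allowed:
        raise ValueError("unexpected key type in blob")
    comment = headers.get("comment", "")
    if not comment.isprintable():  # keep control characters out of authorized_keys
        raise ValueError("control characters in comment")
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()

def make_sample(key_type=b"ssh-dss"):
    """Constructed sample block: filler bytes after the type, not a real key."""
    blob = struct.pack(">I", len(key_type)) + key_type + bytes(range(100))
    b64 = base64.b64encode(blob).decode()
    return "\n".join([BEGIN, 'Comment: "1024-bit dsa, constructed sample, \\',
                      'not a real key"', *textwrap.wrap(b64, 70), END])

if __name__ == "__main__":
    print(ssh2_to_openssh(make_sample()))
```

Both formats carry the same base64 blob; only the wrapping and the header lines differ. Current OpenSSH performs this import itself with `ssh-keygen -i -f keyfile`.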