SSH key-based authentication setup from openSSH to SSH2

Author: JIYIK Last Updated: 2025/04/07

Previous articles (openSSH to openSSH setup, SSH2 to SSH2 setup) explained how to set up key-based authentication on the same version of ssh to perform ssh and scp without entering a password. This article explains how to set up SSH key-based authentication between different versions of SSH (openSSH to SSH2) to perform ssh and scp without entering a password.

1. Verify the SSH version of the local host and the remote host.

In this example, the local host is running openSSH, and the remote host is running SSH2.

[jiyik.com@local-host]$ ssh -V
OpenSSH_5.0p1, OpenSSL 0.9.8g 19 Oct 2007

[jiyik.com@remote-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu
[jiyik.com@remote-host]$ ls -l /usr/local/bin/ssh
lrwxrwxrwx  1 root root 4 Mar 10 22:04 /usr/local/bin/ssh -> ssh2

2. Use ssh-keygen to generate a key pair on the local host

[jiyik.com@local-host]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jiyik/.ssh/id_rsa):<Hit enter>
Enter passphrase (empty for no passphrase): <Enter your passphrase here>
Enter same passphrase again:<Enter your passphrase again>
Your identification has been saved in /home/jiyik/.ssh/id_rsa.
Your public key has been saved in /home/jiyik/.ssh/id_rsa.pub.
The key fingerprint is:
3b:2a:d2:ac:8c:71:81:7e:b7:31:21:11:b8:e8:31:ad jsmith@local-host

The public and private keys are usually stored in the .ssh folder under your home directory. In this case, it is located under /home/jiyik/.ssh. We should not share the private key with anyone.

By default, ssh-keygen on openSSH will generate an RSA key pair. We can also use the command ssh-keygen -t dsa to generate a DSA key pair.

3. Convert openSSH public key to SSH2 public key.

On the local host running openSSH, use ssh-keygen to convert the openSSH public key to an SSH2 public key as follows.

[jiyik.com@local-host]$ ssh-keygen -e -f ~/.ssh/id_rsa.pub > ~/.ssh/id_rsa_ssh2.pub

4. Install the public key on the remote host running SSH2.

Create a new public key file on the remote host and copy-paste the converted SSH2 key from your local host.

[jiyik.com@remote-host]$ vi ~/.ssh2/local-host_ssh2_key.pub 
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted from OpenSSH by jsmith@local-host"
DDDDB3NzaC1yc2EAAAABDmbrdomPh9rWfjZ1+7Q369zsBEa7wS1RxzWRQ0Bmr9FSplI
3ADBEBC/6cbdf/v0r6Cp5y5kusP07AOzo2F7MBDSZBtS/MbYJiIxvocoaxG2bQyz3yYjU
YcpzGMD182bnA8kRxmGg+R5pVXM34lx3iSSgd8r3RzZKnDpEvEInnI7pQvUBoEbYCXPUeZ
LQvQAkz6+Pb6SsNp-dop/qgv9qyfbyMz1iKUZGadG146GtanL5QtRwyAeD187gMzzrGzMFP
LWjdzWpGILdZ5gq7wwRpbcXFUskVrS2ZjDe676XlTN1k5QSZmSYUuttDdrjB5SFiMpsre8
a7cQuMS178i9eDBEC==
---- END SSH2 PUBLIC KEY ----

Add the above public key file name to the authorization file on the remote host as shown below.

[jiyik.com@remote-host]$ vi ~/.ssh2/authorization 
Key local-host_ssh2_key.pub
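
A copy-pasted multi-line key can lose or gain characters without any visible error until login fails. The script below is an added example, not part of the original article: run on the remote host, it checks that the pasted SSH2 file is structurally intact and prints its MD5 fingerprint in the same form ssh-keygen printed in step 2, so the two can be compared. The function names are hypothetical, and make_sample only builds a constructed, meaningless key to exercise the checks.

```sh
#!/bin/sh
# Added example: sanity-check an SSH2 (RFC 4716) public key file after pasting.
# Assumes awk, base64, md5sum, fold, tr and mktemp are available.

# Print the base64 payload on one line: skip the BEGIN/END markers and header
# lines ("Tag: value", possibly continued with a trailing backslash).
ssh2_payload() {
    awk '
        /^---- BEGIN SSH2 PUBLIC KEY ----/ { inside = 1; next }
        /^---- END SSH2 PUBLIC KEY ----/   { inside = 0; next }
        !inside                            { next }
        cont || /:/                        { cont = ($0 ~ /\\$/); next }
        { gsub(/[ \t\r]/, ""); printf "%s", $0 }
        END { print "" }' "$1"
}

# Succeed only if the payload looks like an intact ssh-rsa/ssh-dss key.
ssh2_check() {
    p=$(ssh2_payload "$1")
    case $p in
        *[!A-Za-z0-9+/=]*) return 1 ;;  # character outside the base64 alphabet
        AAAAB3NzaC1*) ;;                # encodes 00 00 00 07 "ssh-"
        *) return 1 ;;                  # empty or wrong key-type prefix
    esac
    [ $(( ${#p} % 4 )) -eq 0 ]          # base64 length must be a multiple of 4
}

# MD5 fingerprint of the key blob, colon-separated as printed in step 2.
ssh2_fingerprint() {
    ssh2_check "$1" || return 1
    ssh2_payload "$1" | base64 -d | md5sum |
        awk '{ gsub(/../, "&:", $1); sub(/:$/, "", $1); print $1 }'
}

# Constructed sample: a structurally valid but meaningless ssh-rsa blob
# (e = 65537, n = 64 bytes of "0") written as an SSH2 public key file.
make_sample() {
    { printf '\000\000\000\007ssh-rsa\000\000\000\003\001\000\001\000\000\000\100'
      printf '%064d' 0; } | base64 | tr -d '\n' | fold -w 70 |
    { echo '---- BEGIN SSH2 PUBLIC KEY ----'
      echo 'Comment: "constructed sample, not a real key"'
      cat; echo; echo '---- END SSH2 PUBLIC KEY ----'; } > "$1"
}

sample=$(mktemp) && make_sample "$sample" &&
    echo "sample fingerprint: $(ssh2_fingerprint "$sample")"
rm -f "$sample"
```

The length check does not catch a paste that drops a whole multiple of four characters, so the fingerprint comparison is the deciding test.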

5. Use SSH2 key authentication to authenticate login from the local host to the remote host.

[jiyik.com@local-host]$ ssh -l jiyik remote-host <You are on local-host here>
The authenticity of host 'local-host' can't be established.
DSA key fingerprint is a5:f6:2e:e6:a9:b2:7b:0e:e7:ae:cb:6c:7b:f5:6d:06.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'local-host' (DSA) to the list of known hosts.
Enter passphrase for key '/home/jiyik/.ssh/id_rsa': <Enter your passphrase here>
Last login: Sat Jun 21 2022 23:13:00 -0700 from 192.168.1.102
No mail.
[jiyik.com@remote-host]$ <You are on remote-host here>

There are two ways to execute ssh and scp without entering a password:

  • No passphrase. When creating the key pair, leave the passphrase blank. Use this option for automated batch processing. For example, if we are running a cron job to copy files between machines, this is a suitable choice. We can skip the subsequent steps with this method.
  • Using a passphrase and SSH agent. If we use ssh and scp interactively from the command line and don't want to enter a passphrase every time, I don't recommend the previous option (no passphrase), because it removes a layer of security from ssh key-based authentication. Instead, use a passphrase when creating the key pair and use an SSH agent to perform ssh and scp without entering the passphrase every time, as described in the steps below.

6. Start SSH agent on local host

The SSH agent runs in the background, holds your private keys, and lets you perform ssh and scp without entering your passphrase multiple times.

[jiyik.com@local-host]$ ssh-agent $SHELL

7. Load the private key into the SSH agent on the local host

[jiyik.com@local-host]$ ssh-add
Enter passphrase for /home/jiyik/.ssh/id_rsa:<Enter your passphrase here>
Identity added: /home/jiyik/.ssh/id_rsa (/home/jiyik/.ssh/id_rsa)

8. SSH or SCP from your local host to the remote host without entering a password.

[jiyik.com@local-host]$<You are on local-host here>

[jiyik.com@local-host]$ ssh -l jiyik remote-host
Last login: Sat Jun 07 2022 23:03:04 -0700 from 192.168.1.102
No mail.
<ssh did not ask for passphrase this time>
[remote-host]$ <You are on remote-host here>
