portella.com.br

Felipe Portella's personal blog


Making SSH2 work with OpenSSH without a password


Today I lost a lot of time getting SSH2 on Windows to connect, without a password, to a Linux server running OpenSSH. I am recording the details of the solution here.

Configuring SSH2 is quite easy. Connect to the desired server. Go to Edit -> Settings -> Global Settings -> User Authentication -> Keys. Click “Generate New…”, follow the wizard and leave the passphrase blank. Click “Upload…” to send the key to the server you are connected to. Also click “Configure…” if you want it to work from the console as well, through the ssh2.exe command.

ssh2_config

The whole problem is that SSH Secure Shell from www.ssh.com (I use version 3.2.9, which was the last free one, but from what I have seen it happens with the others too) uses a key format different from the one used by the OpenSSH server. The format is IETF SECSH, or RFC 4716, and the key has to be converted to the OpenSSH format.

OpenSSH itself supports this conversion with the following command:

ssh-keygen -i -f ~/.ssh/chave_rsa_do_windows_no_formato_ssh2.pub > ~/.ssh/chave_rsa_do_windows_no_formato_openssh.pub

Once that is done, you can continue with the normal procedure, which is to copy the public key generated on the Windows machine, now in the right format, into authorized_keys. The command is:

cat ~/.ssh/chave_rsa_do_windows_no_formato_openssh.pub >> ~/.ssh/authorized_keys
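To show what the `ssh-keygen -i` conversion above does to the RFC 4716 file, here is an added example (not from the original post and not OpenSSH's own code) that parses the SECSH format in Python, emits the one-line OpenSSH form, and computes its SHA256 fingerprint, which can be compared with `ssh-keygen -l -f` on the converted file before the key goes into authorized_keys. The function names are illustrative and the sample key is constructed (a dummy modulus, not a usable key).

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn an RFC 4716 (SECSH) public key file into one OpenSSH key line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; base64 data never contains ':'
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1  # a trailing backslash continues the header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed algorithm name such as "ssh-rsa".
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    if not key_type or len(blob) <= 4 + n:
        raise ValueError("key blob has no algorithm name or key data")
    fields = [key_type, base64.b64encode(blob).decode(), headers.get("comment", "")]
    return " ".join(f for f in fields if f)

def fingerprint(openssh_line):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(openssh_line.split()[1])).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def sample_rfc4716():
    # Constructed sample: "ssh-rsa", e=65537 and a dummy modulus (not a usable key).
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xc3" * 64)
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return (BEGIN + '\nComment: "constructed sample \\\nkey from windows client"\n'
            + body + "\n" + END + "\n")

if __name__ == "__main__":
    line = rfc4716_to_openssh(sample_rfc4716())
    print(line, fingerprint(line), sep="\n")
```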

NOTE: SSH2 saves the key in: (DOCUMENTS & SETTINGS)\(USER LOGIN)\Application Data\SSH\UserKeys

I found the format-conversion tip at www.isi.edu/~weiye/howto/ssh2_openssh.html after a lot of head-scratching. I reproduce the full page below:








How to make SSH2 work with OpenSSH

The commercial version of SSH2 uses a different key format than the OpenSSH. This guide shows how to make them inter-operate with each other with public key authentication. It is based on descriptions from this website.

Case 1. OpenSSH server and SSH2 client

Suppose you already generated an RSA2 key pair on your SSH2 client machine, and the public key is stored at ~/.ssh2/id_rsa_1024_a.pub. The following procedure applies to DSA key pairs too.

1. Copy your SSH2 public key from your SSH2 client machine to your OpenSSH server like:

scp ~/.ssh2/id_rsa_1024_a.pub server:.ssh/rsa_ssh2.pub

If you can’t copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

2. Run the OpenSSH version of ssh-keygen on the server to convert the SSH2 public key into the format needed by OpenSSH:

ssh-keygen -i -f ~/.ssh/rsa_ssh2.pub > ~/.ssh/rsa_openssh.pub

3. Append this newly generated OpenSSH public key to your authorization file on the server:

cat ~/.ssh/rsa_openssh.pub >> ~/.ssh/authorized_keys2

4. Once this is done, the .pub files you created are no longer needed so you can remove them if you like.

Now your SSH2 client should be able to connect to the OpenSSH server with the public key authentication.

Case 2. SSH2 server and OpenSSH client

Note that RSA2 is not working on ISI’s SSH2 servers at the time the guide is written. DSA works fine, so you should generate a DSA key pair with the ssh-keygen on your OpenSSH client machine. By default, the public key is stored at ~/.ssh/id_dsa.pub.

1. Run the OpenSSH version of ssh-keygen on the OpenSSH client machine to convert the OpenSSH public key into the format needed by SSH2:

ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/dsa_ssh2.pub

2. Copy this SSH2 public key to your .ssh2 directory on the SSH2 server:

scp ~/.ssh/dsa_ssh2.pub server:.ssh2/dsa_ssh2.pub

If you can’t copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).

3. Add this new pub key to the authorization on the server:

echo Key dsa_ssh2.pub >> ~/.ssh2/authorization

4. Once this is done, the temporary .pub file you created on the OpenSSH client is no longer needed so you can remove it. DO NOT remove the .pub file you just copied to the SSH2 server.

Now your OpenSSH client should be able to connect to the SSH2 server with the DSA public key authentication.

Written by Felipe Portella

December 22nd, 2008 at 12:13 am

Posted in Linux,Windows
