Hi everybody,
I'm in a heterogenous network with both compaq/hp alpha machines running tru64 5.1.b and linux stations running ubuntu 6.06.1. The latter have open-ssh installed, while the alphas run a commercial ssh implementation.

Public key auth. works among the linux stations and the alphas alone, whereas
cross-plattform ssh is only possible via password-auth.

One obvious difference regarding public key authentication is, that both
implementations save privat and public keys in different locations,
~/.ssh/ for open-ssh and ~/.ssh2/ for tru64-ssh.

I appended my id_dsa.pub from .ssh to .ssh2/authorization, which is the place, the tru64-ssh-server looks for public-key filenames, but this did not work.

I read there are some principal incompatibilities between open-ssh and the
commercial version. Perhaps this is one of them. Would the use of ssh1 change something?

Does anyone know if my problem is somehow solvable? And how?

Thank you.

Definitely, it would lower your security. That's why ssh2 is used.

Thank you very much. That's exactly the answer I was hoping for...

cf050

Commercial SSH (tru 64) needs the filename inside the authorization file, not the actual key (the way open-ssh does it) ....
Also, the public key format differs....

Create a commercial public key from your openssh pub key (ssh-keygen -e -f <openssh pubkey> > <my name for commercial pubkey>
Copy the new public key to ~/.ssh2/ directory, and do the following:
echo Key {YOUR KEY NAME } >> ~/.ssh2/authorization

Hope that helps!

Hobbez1: Noops. Still asking for password, both ways around (ssh to openssh and openssh to ssh)

I did (on my linux machine):

>cd ~/.ssh
>ssh-keygen -e -f id_rsa.pub > id_rsa-commercial.pub
>cp id_rsa-commerical.pub ~/.ssh2
>cd ~/.ssh2
>echo Key id_rsa-commercial.pub >> authorization
>ssh <unix-machine>
user@unix-machine's password: ...

did i miss anything?

Sorry, that's me being bad at explaining again....

on your linux-box:
copy the id_rsa-commerical.pub to the commercial ssh box under ~/.ssh2/

then, on the commercial box:
echo Key id_rsa-commercial.pub >> ~/.ssh2/authorization

basically, what needs to happen, in normal english:

1. create public and private key pair on "non-commercial" (NC) box (this pair is meant non-commercial pair)
2. create commercial public key from NC public key
3. copy file to commercial SSH box, under ~/.ssh2 directory
4. tell commercial box to recognize key (by adding "Key <Commercial public key name>" to ~/.ssh2/authorization

and, hopefully, that's it...!

let me know

Hobbez1,

Since our nfs server exports the home directories to both our linux machines and our alpha stations, .ssh/ (for openssh) and .ssh2/ (for tru64) reside under the same directory, namely
/home/<user>/. Sorry, I should have explained that before.

It still does not work. I will backup my .ssh and .ssh2 and restart the whole thing over, e.g generate key pairs, copy them etc. I'll keep you informed. Thank you so far.

Settled!
The systemwide configuration file /etc/ssh2/sshd2_config had to be edited so as to allow
publickey-authentication.

So, this is exactly what I have done:

On my linux machine:
1.) No changes in the /etc/ssh/*_config files neccessary.

As user:
2.) remove old .ssh-stuff:

3.) generate new openssh public/privat key pair ( I took dsa-type and 2048 bit length here, other values might as well work):

take default paths
no passphrase (type <enter> twice).

cd to newly generated .ssh-directory

should list at least the files

id_dsa
id_dsa.pub

4.) export newly generated pair of keys to ssh.com format:

5.) append public key to list of authorized keys:


On my TRU64 machine:

6.) Look up /etc/ssh/sshd2_config

There has to be a line saying something like

If this line is NOT commented out, everything should be Ok. If not, ask your system-administrator to change it. In my opinion publickey-auth is much saver than
hostbased, but that may be a matter of taste.

As user

7.) remove old .ssh2-stuff (ssh.com configuration files)

8.) generate new commercial ssh-key pair:

again, take default paths and choose no passphrase (otherwise you will be asked each time you log in, which is not want I wanted...)

should list
9.) copy the two openssh-keys which you transformatted in step 4.) to pwd.

10.) Add public keys to list of authorized keys and privat keys to list of
identification keys:


On linux-machine:
11.) Import commercial pair of keys in ~/.ssh:

12.) Add new public key to list of authorized keys:

That should do it. Maybe some steps are unnecessary, but this worked for me. Now I can finally run mpi on our cluster

Even though this is an ancient thread, I thought I'd post my experiences for people that end up here looking for answers.

Firstly:
All credit goes to Thomas Jansson, whose howto i've more or less copied.
You can find the original here: http://www.tjansson.dk/?p=127


To connect from OpenSSH to SSH2:

1. Create a keypair on your OpenSSH machine:
2. Convert the public key to the SSH2 format and save in a file (do this on the OpenSSH machine):
3. Copy the converted public key to SSH2 machine. Put it in the ~/.ssh2 directory.

4. Add the name of the public key to the SSH2 authorization file:
5. Done. You can now log in on the SSH2 machine from your OpenSSH machine without typing the password.


To connect from SSH2 to OpenSSH:

1. Create a keypair on your SSH2 machine:
2. Copy the public key to the OpenSSH machine. Only OpenSSH's ssh-keygen can convert from SSH2 format to OpenSSH format.

3. Convert the public key to the OpenSSH format and save in a file (do this on the OpenSSH machine as well, only OpenSSH's ssh-keygen can convert):
4. Add the converted public key to the authorized_keys file on your OpenSSH machine:
5. Add the name of the private key to the SSH2 identification file (on the SSH2 machine):
6. Done. You can now log in to the OpenSSH machine from your SSH2 machine without typing the password.