OK HERE IS THE ANSWER to this problem RH seems to like the ssh-keygen2 binary better. So what you need to do is make sure you are using the ssh-keygen binary in /usr/bin I noticed that when I would do a #man ssh-keygen i kept getting ssh-keygen2
Not sure why this happens. Maybe someone else can give us the answer to that one but here are the keystrokes to fix my problem anyway. # cd /usr/bin # ./ssh-keygen -i -f ~/.ssh2/dsa2048key.pub >> ~/.ssh/authorized_keys2 That fixed the problem. > Nathan Wolfe wrote: >> I am running OpenSSH on redhat 8. I have generated a keypair using the >> client from ssh.com (Secure Shell Client). the key has been uploaded >> to the server and I have attempted to convert the key to Open ssh >> using: >> >> # ssh-keygen -X -f .ssh2/dsa2048key.pub >>.ssh/authorized_keys2 >> >> and >> >> # ssh-keygen -i -f .ssh2/dsa2048key.pub >> .ssh/authorized_keys2 > > Your second example looks correct! At least thats what I do to convert > my ssh2 generated keys to OpenSSH format. I use F-Secure's ssh client > which generates an ssh2 format RSA or DSA key. > >> >> I get: illegal option -- X >> with the first and: >> Private key -f is unreadable. >> Error: Cannot determine the type of the key. >> with the second. > > based on the above error it looks the your ssh client did not generate a > key that contains the "type" of key (dsa/rsa) in the file. For > reference: I generated a test key using F-Secure ssh client; this is the > format of the file that I uploaded/converted to OpenSSH format using > your second example... > > ---- BEGIN SSH2 PUBLIC KEY ---- > Comment: "[1024-bit dsa, [EMAIL PROTECTED], Sun Jul 20 2003 18:04:45]\ > [1024-bit dsa, [EMAIL PROTECTED], Sun Jul 20 2003 18:04:59]" > > [snip] the key > > ---- END SSH2 PUBLIC KEY ---- > > >> >> I have read somplace that some versions of ssh-keygen are unable to >> make this conversion but my RedHat AS 2.1 machine does it fine as well >> as all of my FreeBSD machines. > > If your ssh format key contains the type record listed above, then you > might be correct. I don't really know. FWIW: I have been using F-Secure > ssh client for years and have never had a problem converting it's ssh2 > generated key to openssh format using ssh-keygen -i -f... as far back as > RH7.3. > > Steve Cowles > > > -- > redhat-list mailing list > unsubscribe mailto:[EMAIL PROTECTED] > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
