How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

● Home

● About

● Free eBook

● Archives

● Best of the Blog

● Contact

● Subscribe

● HowTo & FAQ

Support us when you shop at Amazon

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH
by Ramesh Natarajan on October 21, 2008

In our previous articles, we discussed how to setup ssh key based

authentication to perform ssh and scp without password under the
following three scenarios:

1. OpenSSH to OpenSSH
2. OpenSSH to SSH2
3. SSH2 to SSH2

In this article, I’ll explain how to perform ssh and scp from SSH2 (local-host) to OpenSSH (remote-host) with no password.

1. Identify local-host and remote-host SSH version

In this example, local-host is running SSH2 and remote-host is running OpenSSH.

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (1 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

[local-host]$ ssh -V

ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

[remote-host]$ ssh -V

OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

2. Generate SSH2 authentication key pair on the local-host using ssh-keygen2

On SSH2, ssh-keygen will be a soft-link to the ssh-keygen2 as shown below.

[local-host]$ ls -l /usr/local/bin/ssh-keygen

lrwxrwxrwx 1 root root 11 Jul 31 2006 /usr/local/bin/ssh-keygen -> ssh-keygen2

[local-host]$ ssh-keygen

Generating 2048-bit dsa key pair

7 o.oOo..oOo.o

Key generated.

2048-bit dsa, jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700

Passphrase : [Enter the password here]

Again :

Private key saved to /home/jsmith/.ssh2/id_dsa_2048_a

Public key saved to /home/jsmith/.ssh2/id_dsa_2048_a.pub

The public key and private key are stored in .ssh2 folder under your home directory. In this example, it is under /home/jsmith/.ssh2.

You should not share the private key with anybody.

By default ssh-keygen2 generates DSA (Digital Signature Algorithm) key pair. You can also generate RSA key pair as shown below.

[local-host]$ ssh-keygen -t rsa

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (2 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

3. Copy SSH2 public key from local-host to remote-host that is running OpenSSH
Copy local-host:/home/jsmith/.ssh2/id_dsa_2048_a.pub file to remote-host:/home/jsmith/.ssh/id_dsa_1024_a.pub. Perform a vi /home/jsmith/.ssh/
id_dsa_1024_b.pub on the remote-host and copy the content of the public key from the local-host.

[remote-host]$ vi /home/jsmith/.ssh/id_dsa_1024_a.pub

---- BEGIN SSH2 PUBLIC KEY ----

Subject: jsmith

Comment: "2048-bit dsa, jsmith@local-host Sun Oct 19 2008 14:49:42 -070\0"

7ZTVd7H63VyVqBIqfmEBALVa6VKtALZkydlOiPasikEQfujH07tjW+OffaRufFDG0VQESj

5iGSvMtmBBj8wQxGlvJ/dayVqBvvHzMao8bwGC+HFUtH1un7uyIEwOqU1fNzEpghC97mIx

tIxJA7ZTVd7H63VIqmzlLbp/ZCd6bcJLvZEepMz96nlNB4NJ5UYIfdgXNhf/TrJD8COWQs

t6jsP6RG/WrpHi5iGSvMtmBBj8wQGHddexkRnf/o5YMFJZRo4Iwc7+bgYrIyywBZnfLL7T

RTk9TBfWzgJHy/y1tTtCMvVooWvFZbG5AiV3de63MxBaD0o68SASyXZzVM+MabXhjcdXFY

2vjq2vJxOzunEAAAAVAOTeOzDCnj3K5iGSvMtmBBj8wQGHAAABAA38sGpHEfSxLx5MjQci

dko1pKuV1W9rOK3y19A2J2N6rSdWYb7Zyzw8Gr7kTMWX1TP5WhRGCUhNRYnjI+4wgZIZdC

lfGdp8MGI3HBg9CAr702BOzRTMnW0aqsGjrbhcwhWaDgRymhBh++nGAhHxeWn4ApJ8F6kT

8HaAm3dFYXpHCaZ/xuKPXr4DFugGl8MRDU8TwioNE9kRi0Ko/kB5LTHuGhMPHGshMJeVGi

PQTrt9NAzgYyJeT9RB9VZadgElMvQ9S0+fo6ipOA==

---- END SSH2 PUBLIC KEY ----

4. On remote-host, convert SSH2 public key to OpenSSH public key

This should be executed on the remote-host that is running OpenSSH. Only OpenSSH can convert keys back and forth between OpenSSH and
SSH2 format.

[remote-host]$ ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > \

~/.ssh/id_dsa_1024_a_openssh.pub

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (3 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

Copy the converted OpenSSH public key from ~/.ssh/id_dsa_1024_a_openssh.pub file to the authorized_keys file as shown below.

[remote-host]$ vi ~/.ssh/authorized_keys

ssh-dss 5iGSvMtmBBj8wQdegAEBALVa6VKtALZkydlOiPasikEQfujH07tjW+OffaRufFD

G0VQESjq+YlVTWcXxStz0xGlvJ/dayVqBvvHzMao8bwGC+HFUtH1un7uyIEwOqU1fNzEpgh

C97s143S8zBcTAGtdegte3IqmlLbp/ZCd6bcJLvZEepMz96nlNB4NJ5UYIfdgXNhf/TrJD8

COWQst6jsP6RG/WrpHiI4QVDM6tZVZ4CnGjm1QPkRnf/o5YMFJZRo4Iwc7+bgYrIyywBZnf

LL7TRTk9TBfWzgJHy/y1tTtCMvVooWvFZbG5AiV3de63MxBaD0o68SASyXZzVM+MabXhjcd

XFY2vjq2vJxOzunEAAAAVAOTeOzDCnj3K5iGSvMtmBBj8wQGHAAABAA38sGpHEfSxLx5MjQ

dFYXpHCaZ/xuKPXr4DFugGl8MRDU8TwioNE9kRi0Ko/kB5LTHuGhMPHGshMJeVGiPQTrt9N

AzgYyJeT9RB9VZadgElMvQ9S0+fo6ipOA==

5. Login from the local-host to remote-host using the SSH key authentication
Perform ssh from local-host (SSH2) to remote-host (OpenSSH) as shown below to verify whether the key based authentication works properly.

[local-host]$ [You are on local-host here]

[local-host]$ ssh -l jsmith remote-host

Host key not found from database.

Key fingerprint:

bitaz-navun-gogus-mptop-ljilk-qwlem-ftrtm-llmak-topok-zuiof-bnmix

You can get a public key's fingerprint by running

% ssh-keygen -F publickey.pub on the keyfile.

Are you sure you want to continue connecting (yes/no)? yes

Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remote-host.pub

host key for remote-host, accepted by jsmith Sun Oct 19 2008 15:06:42 -0700

Passphrase for key "/home/jsmith/.ssh2/id_dsa_2048_a" with comment "2048-bit

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (4 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

dsa, jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700":[Enter password]

Last login: Sun Oct 19 14:01:48 2008 from 192.168.1.10

[remote-host]$ [You are on remote-host here]

Note: If you get the following error while performing the ssh or scp from local-host to remote-host, please refer to How to resolve Algorithm
negotiation failed issue on SSH, to fix this issue.

[local-host]$ ssh -l jsmith remote-host

warning: Authentication failed.

Disconnected; key exchange or algorithm negotiation failed

(Algorithm negotiation failed.)

There are two ways to perform ssh and scp without entering the password:

1. No passphrase: While creating key pair, leave the passphrase empty. Use this option for the automated batch processing. for e.g. if
you are running a cron job to copy files between machines this is suitable option. You can skip the next step steps for this method.
2. Use passphrase and SSH Agent: If you are using ssh and scp interactively from the command-line and you don’t want to use
the password everytime you perform ssh or scp, I don’t recommend the previous option (no passphrase), as you’ve eliminated one level of
security in the ssh key based authentication. Instead, use the passphrase while creating the key pair and use SSH Agent to perform ssh and
scp without having to enter the password everytime as explained in the steps below.

6. Start the SSH Agent on local-host

The SSH Agent will be running in the background to hold the private keys and perform ssh and scp without having to enter the passphrase several
times.

[local-host]$ ssh-agent $SHELL

7. Load the private key to the SSH agent on the local-host

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (5 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

[local-host]$ ssh-add

Adding identity: /home/jsmith/.ssh2/id_dsa_2048_a.pub

Need passphrase for /home/jsmith/.ssh2/id_dsa_2048_a (2048-bit dsa,

jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700).

Enter passphrase:[Enter your passphrase here]

8. Perform SSH or SCP from local-host to remote-home without entering the password

[local-host]$ [You are on local-host here]

[local-host]$ ssh -l jsmith remote-host

Last login: Sun Oct 19 14:20:48 2008 from 192.168.1.10

[remote-host]$ [You are on remote-host here]

If you liked this article, please share it on delicious and Stumble it.

Download Free eBook - Linux ●

101 Hacks Bookmark or

Tags: authentication keys, key file, openssh, passphrase, private keys, public key, scp, scp no Share
Get free Unix tutorials, tips password, ssh, ssh no password login, ssh-keygen, ssh2
and tricks straight to your email ● Leave a
in-box. Comment
eBook and More Awesome Articles
you@address.com
● Print
Subscribe
Friendly

● RSS Feed

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (6 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

1. SSH Key based authentication

setup from openSSH to SSH2
2. Perform SSH and SCP Without
Entering Password on openSSH
3. 3 Steps to Perform SSH Login
Without Password Using ssh-
keygen & ssh-copy-id
4. Comprehensive Guide for SSH2
Key based authentication setup
5. Howto resolve Algorithm
negotiation failed issue on SSH

Download Vim 101 Hacks eBook

{ 1 trackback }

links for 2009-07-06 « Donghai Ma

July 6, 2009 at 10:09 pm

{ 1 comment… read it below or add one }

Alexander June 29, 2009 at 2:25 pm 1

Hi Ramesh,

I just tried your instructions on setting up SSH2 -> OpenSSH connection, and I found you need to make an extra step on the SSH2 client ( taken from
here: http://quark.humbug.org.au/publications/notes/ssh.txt ):

echo “IdKey id_dsa_2048_a” >> ~/.ssh2/identification

WIthout this, the OpenSSH server asks me for the password.

Thanks for the clear instructions!

Alexander

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (7 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

Leave a Comment

Name

E-mail

Website

Notify me of followup comments via e-mail

Submit
●

Previous post: Midnight Commander (mc) Guide: Powerful Text based File Manager for Unix
Sign up for our free email newsletter you@address.com Sign Up

Follow us on Twitter
Next post: View DELL Service Tag and Express Service Code From Linux and Windows
Subscribe via RSS

● VIM 101 HACKS EBOOK

"Vim offers just about everything

you could ever want from an
editor. The best that can happen
is when an experienced user
http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (8 of 11) [10/21/2009 2:38:24 PM]
How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

shows you the way and

accompanies you as you learn.
This book does exactly this. "

Prof. Dr. Fritz Mehner

(Author of several Vim plugins)

Download eBook
●

Search

● POPULAR POSTS

❍ Get a Grip on the Grep! - 15 Practical Grep Command Examples

❍ Linux 101 Hacks - Download Free eBook
❍ 6 Steps to Secure Your Home Wireless Network
❍ Backup and Restore MySQL Database Using mysqldump
❍ Linux Crontab: 15 Awesome Cron Job Examples
❍ Turbocharge PuTTY with 12 Powerful Add-Ons - Software for Geeks #3
❍ Mommy, I found it! -- 15 Practical Linux Find Command Examples
❍ Unix LS Command: 15 Practical Examples
❍ How To Monitor Remote Windows Machine Using Nagios on Linux
❍ 15 Examples To Master Linux Command Line History

● CATEGORIES

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (9 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

❍ Vi / Vim Tips and Tricks

❍ Linux Tutorials
❍ SSH Tips and Tricks
❍ Productivity Tips
❍ HowTo & FAQ
❍ Hardware Articles
❍ Nagios 3.0 Tutorials
❍ MySQL
❍ PostgreSQL
❍ Oracle
● 12 AMAZING LINUX BOOKS

❍ 1. Sed and Awk

❍ 2. Learning the Vi and Vim Editors
❍ 3. Bash Cookbook
❍ 4. SSH, The Secure Shell
❍ 5. Essential System Administration
❍ 6. Linux Server Hacks, Volume One
❍ 7. DNS and BIND
❍ 8. Understanding the Linux Kernel
❍ 9. Linux Cookbook
❍ 10. Linux Firewalls
❍ 11. Linux Administration Handbook
❍ 12. Beginning Ubuntu Linux
❍ Read full review of these 12 books

● About The Geek Stuff

My name is Ramesh Natarajan. I will be posting instruction guides, how-to, troubleshooting tips and tricks on Linux, database, hardware, security and web. My focus is to write articles
that will either teach you or help you resolve a problem. Read more about Ramesh Natarajan and the blog.

● Networking

Follow us on Twitter

Facebook

● Contact Us

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (10 of 11) [10/21/2009 2:38:24 PM]

How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

Contact Me : Use this Contact Form to get in touch me for your comments, questions or suggestions about this site. You can also simply drop me a line to say hello!.

Send Your Tips: If you like to share any awesome tips and tricks on technology topic use the contact form to get in touch with me.

Mobile Version: Go to m.thegeekstuff.com on your mobile to access this blog from your phone.
Copyright © 2008–2009 Ramesh Natarajan. All rights reserved | Terms of Service

Advertise | Questions or Comments

http://www.thegeekstuff.com/2008/10/perform-ssh-and-scp-without-password-from-ssh2-to-openssh/ (11 of 11) [10/21/2009 2:38:24 PM]