robinbobin

1. Install SSH for Workstations 3.1 if you don't have it yet. Get it from groucho
2. Launch SSH for Workstations. Connect to the OpenSSH server. Under settings, choose Generate New Keypair.
3. Make a DSA key. 1024 bits ought to be long enough.
4. Name your key - for this example, let's call it mytestkey. Secure Shell for Workstations creates 2 files, one named mytestkey (the private half, which you need to keep safe) and mytestkey.pub (the public half, which you can safely give away). If you really want to automate this, then you might want to leave the passphrase blank. This is dangerous, protect that file well. Otherwise, enter a nice, long, secure passphrase.
5. Optionally, upload the key. For OpenSSH, the folder to use is ".ssh" and the authorization file is "authorized_keys2". In any event, we're going to have to edit this file, so all you really need to do is copy the publickey file up to the server and put it somewhere convenient.
6. On the server running OpenSSH (squirrel, euclid, groucho, etc.), edit the file in your home directory ~/.ssh/authorized_keys2. You'll want to insert the text from your public key (mytestkey.pub) into authorized_keys2.
7. Now you need to reformat the text a little. The key as generated by Windows looks like:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "SFK DSA from windows [1024-bit dsa, Steven Karel@persimmon, Tue Dec 18 2001 12:57:51]"
AAAAB3NzaC1kc3MAAACBANUnwcm2SB3Sv9T+WttXV374jaavhO6Y7NbLg9iTK3tEwmuufn
6YetiNSXIcTSfiWtK+oznc3T+U7LQQivpszdGPoFg6RAvvyaEE+uqSyR+ogQq0+ePvegxN
Q7ILQULPCA7nEYGl01cUm8Renwjp7fJP5k4dCVUF9my5Ak+Xd2T3AAAAFQD2SpiKb0XWYm
Obx5pVAUa/mqFBXwAAAIEAwspDclkK0D24HBXEJI5PXLKAA2NnOAvmRPyEaiS19rzepJIP
3/MkuUeTJ37rOkD8us9WRuqQygWOEb4By/0pAqxyjleWaGS4Oo/Z7t7HzXSWT2Qi/nXvRy
rYX6ptqSg9M0wfrCa6H/kLDZq+pqGLf9Aoj6G2jbr6q3GulNbIZUAAAACBAJAcFS8JQWRF
PBML4VfqZgJ0xALXL3gjHV8SPkHFi3LrccMTl5ok0ksWOUCBW0Z+OFt4Eqxs5BdTv7iqm8
oki/Ccd8KOgYaAYMe7gwJknkfQshBb/1MQ90nUgb5PwbHVgskHo9rQKCTZl45NVJpaH7bT
VbQTvfNLf+bNL8ti60Vh
---- END SSH2 PUBLIC KEY ----

The format OpenSSH is looking for is (note, this is all on one line:

ssh-dss AAAAB3NzaC1kc3MAAACBANUnwcm2SB3Sv9T+WttXV374jaavhO6Y7NbLg9iTK3tEwmuufn6YetiNSXIcTSfiWtK+oznc3T+U7LQQivpszdGPoFg6RAvvyaEE+uqSyR+ogQq0+ePvegxNQ7ILQULPCA7nEYGl01cUm8Renwjp7fJP5k4dCVUF9my5Ak+Xd2T3AAAAFQD2SpiKb0XWYmObx5pVAUa/mqFBXwAAAIEAwspDclkK0D24HBXEJI5PXLKAA2NnOAvmRPyEaiS19rzepJIP3/MkuUeTJ37rOkD8us9WRuqQygWOEb4By/0pAqxyjleWaGS4Oo/Z7t7HzXSWT2Qi/nXvRyrYX6ptqSg9M0wfrCa6H/kLDZq+pqGLf9Aoj6G2jbr6q3GulNbIZUAAAACBAJAcFS8JQWRFPBML4VfqZgJ0xALXL3gjHV8SPkHFi3LrccMTl5ok0ksWOUCBW0Z+OFt4Eqxs5BdTv7iqm8oki/Ccd8KOgYaAYMe7gwJknkfQshBb/1MQ90nUgb5PwbHVgskHo9rQKCTZl45NVJpaH7bTVbQTvfNLf+bNL8ti60Vh

To edit the key, then, you need to add the word "ssh-dss" and a space at the beginning of the key, and to remove the line breaks Windows put in the file. You can safely leave the comment parts if you like.
8. Save the authorized_keys file in its edited form. Make sure it is only writable by you, the owner. I'm not sure if it needs to be world readable, but that shouldn't hurt. The permissions should be, for example:

-rw-r--r-- 1 karelsf karelsf 2616 Dec 18 08:08 authorized_keys2

9. Now you should be able to connect using public-key authorization. In Secure Shell for Workstations, disconnect, then tell it to Connect again. In the dialog box, choose "Public Key" under Authentication Method. If the public key is going to work, and it has a passphrase, you'll get a passphrase dialog -- otherwise, you'll get an error message or get asked for your password (I forget which, sorry!).

Steven Karel Administrator

December 18, 2001
02:09:11 PM how to do public key authentication from the command line with windows ssh2