
How To Perform SSH and SCP Without Password from SSH2 to OpenSSH

In our previous articles, we discussed how to set up ssh key based authentication to perform ssh and scp without a password under the following three scenarios:

  1. OpenSSH to OpenSSH
  2. OpenSSH to SSH2
  3. SSH2 to SSH2

In this article, I’ll explain how to perform ssh and scp from SSH2 (local-host) to OpenSSH (remote-host) with no password.

1. Identify local-host and remote-host SSH version

In this example, local-host is running SSH2 and remote-host is running OpenSSH.

[local-host]$ ssh -V
ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu

[remote-host]$ ssh -V
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

2. Generate SSH2 authentication key pair on the local-host using ssh-keygen2

On SSH2, ssh-keygen is a symbolic link to ssh-keygen2, as shown below.

[local-host]$ ls -l /usr/local/bin/ssh-keygen
lrwxrwxrwx  1 root root 11 Jul 31  2006 /usr/local/bin/ssh-keygen -> ssh-keygen2

[local-host]$ ssh-keygen
Generating 2048-bit dsa key pair
7 o.oOo..oOo.o
Key generated.
2048-bit dsa, jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700
Passphrase : [Enter the password here]
Again      :
Private key saved to /home/jsmith/.ssh2/id_dsa_2048_a
Public key saved to /home/jsmith/.ssh2/id_dsa_2048_a.pub

The public key and private key are stored in the .ssh2 directory under your home directory. In this example, that is /home/jsmith/.ssh2.

You should not share the private key with anybody.

By default, ssh-keygen2 generates a DSA (Digital Signature Algorithm) key pair. You can also generate an RSA key pair as shown below.

[local-host]$ ssh-keygen -t rsa

3. Copy SSH2 public key from local-host to remote-host that is running OpenSSH

Copy the local-host:/home/jsmith/.ssh2/id_dsa_2048_a.pub file to remote-host:/home/jsmith/.ssh/id_dsa_1024_a.pub. To do this, open /home/jsmith/.ssh/id_dsa_1024_a.pub in vi on the remote-host and paste in the content of the public key from the local-host.

[remote-host]$ vi /home/jsmith/.ssh/id_dsa_1024_a.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: jsmith
Comment: "2048-bit dsa, jsmith@local-host Sun Oct 19 2008 14:49:42 -070\0"
---- END SSH2 PUBLIC KEY ----

4. On local-host, create the ~/.ssh2/identification file

Create the following file on the local-host.

$ vim ~/.ssh2/identification
IdKey id_dsa_2048_a

5. On remote-host, convert SSH2 public key to OpenSSH public key

This should be executed on the remote-host that is running OpenSSH. Only OpenSSH can convert keys back and forth between OpenSSH and SSH2 format.

[remote-host]$ ssh-keygen -i -f ~/.ssh/id_dsa_1024_a.pub > \
~/.ssh/id_dsa_1024_a_openssh.pub

Copy the converted OpenSSH public key from ~/.ssh/id_dsa_1024_a_openssh.pub file to the authorized_keys file as shown below.

[remote-host]$ vi ~/.ssh/authorized_keys
ssh-dss 5iGSvMtmBBj8wQdegAEBALVa6VKtALZkydlOiPasikEQfujH07tjW+OffaRufFD
G0VQESjq+YlVTWcXxStz0xGlvJ/dayVqBvvHzMao8bwGC+HFUtH1un7uyIEwOqU1fNzEpgh
C97s143S8zBcTAGtdegte3IqmlLbp/ZCd6bcJLvZEepMz96nlNB4NJ5UYIfdgXNhf/TrJD8
COWQst6jsP6RG/WrpHiI4QVDM6tZVZ4CnGjm1QPkRnf/o5YMFJZRo4Iwc7+bgYrIyywBZnf
LL7TRTk9TBfWzgJHy/y1tTtCMvVooWvFZbG5AiV3de63MxBaD0o68SASyXZzVM+MabXhjcd
XFY2vjq2vJxOzunEAAAAVAOTeOzDCnj3K5iGSvMtmBBj8wQGHAAABAA38sGpHEfSxLx5MjQ
dFYXpHCaZ/xuKPXr4DFugGl8MRDU8TwioNE9kRi0Ko/kB5LTHuGhMPHGshMJeVGiPQTrt9N
AzgYyJeT9RB9VZadgElMvQ9S0+fo6ipOA==
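
What the ssh-keygen -i conversion in step 5 does to the key file, as an added example that is not part of the original article: the SSH2 (RFC 4716) markers and headers are dropped, the base64 body is joined onto one line, and the key type name stored at the start of the blob is placed in front of it. The function names and the sample key file are constructed for illustration, and the sample body is a placeholder, not a usable key.

```shell
# Added example, not from the original article; function names are hypothetical.
# Convert an SSH2 (RFC 4716) public key file to an OpenSSH one-line key.
ssh2_pub_to_openssh() {
    file=$1
    # Drop the BEGIN/END markers and every header line, including header
    # values continued onto the next line with a trailing backslash, then
    # join what is left (the base64 key body) into one string.
    blob=$(awk '
        /^---- (BEGIN|END) SSH2 PUBLIC KEY ----/ { next }
        cont { cont = ($0 ~ /\\$/); next }
        /:/  { cont = ($0 ~ /\\$/); next }
        { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ' "$file") || return 1
    [ -n "$blob" ] || return 1
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    # The decoded blob begins with a 4-byte big-endian length followed by
    # the key type name; OpenSSH repeats that name in front of the blob.
    set -- $(printf '%s' "$blob" | base64 -d | od -An -tu1 -N4)
    [ $# -eq 4 ] || return 1
    len=$(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
    [ "$len" -ge 1 ] && [ "$len" -le 64 ] || return 1
    ktype=$(printf '%s' "$blob" | base64 -d | dd bs=1 skip=4 count="$len" 2>/dev/null)
    case $ktype in
        *[!A-Za-z0-9@.-]*|'') return 1 ;;   # reject anything that is not a type name
    esac
    printf '%s %s\n' "$ktype" "$blob"
}

# Constructed sample: the headers follow the article's key file, the body is
# a made-up placeholder blob (type name plus a few bytes), not a real key.
write_sample_ssh2_pub() {
    cat > "$1" <<'EOF'
---- BEGIN SSH2 PUBLIC KEY ----
Subject: jsmith
Comment: "2048-bit dsa, jsmith@local-host, Sun Oct 19 2008 14:49:42 -070\
0"
AAAAB3NzaC1kc3MAAAAB
AAAC
---- END SSH2 PUBLIC KEY ----
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp) && write_sample_ssh2_pub "$tmp" && ssh2_pub_to_openssh "$tmp"; rm -f "$tmp"
```

Comparing this output with what ssh-keygen -i writes is a quick way to confirm that the line going into authorized_keys is a single unwrapped line carrying the key you copied.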

6. Set up proper permissions on the .ssh directory on remote-host

On the remote-host that is running OpenSSH, make sure to set up the following permissions. Without this, you will have all kinds of weird problems with ssh.

$ chmod 755 ~
$ chmod 755 ~/.ssh
$ chmod 644 ~/.ssh/authorized_keys
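
A check for the permission problem behind step 6, as an added example that is not part of the original article: with StrictModes enabled (the OpenSSH default), sshd ignores authorized_keys when the home directory, ~/.ssh or the file itself is writable by group or others. The function name ssh_perm_audit is hypothetical; it checks only the write bits, not file ownership.

```shell
# Added example, not from the original article; function name is hypothetical.
# Report each path sshd's StrictModes check looks at and flag any that is
# group- or world-writable. Returns 0 only when every path passes.
ssh_perm_audit() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=1
            continue
        fi
        # find prints the path only when the group or other write bit is set.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $p (fix with: chmod go-w)"
            bad=1
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}
```

Run it on the remote-host as `ssh_perm_audit "$HOME"`; the modes set in step 6 pass, and so do the tighter 700 for ~/.ssh and 600 for authorized_keys.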

7. Login from the local-host to remote-host using the SSH key authentication

Perform ssh from local-host (SSH2) to remote-host (OpenSSH) as shown below to verify whether the key based authentication works properly.

[local-host]$ [You are on local-host here]

[local-host]$ ssh -l jsmith remote-host
Host key not found from database.
Key fingerprint:
bitaz-navun-gogus-mptop-ljilk-qwlem-ftrtm-llmak-topok-zuiof-bnmix
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /home/jsmith/.ssh2/hostkeys/key_22_remote-host.pub
host key for remote-host, accepted by jsmith Sun Oct 19 2008 15:06:42 -0700

Passphrase for key "/home/jsmith/.ssh2/id_dsa_2048_a" with comment "2048-bit
dsa, jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700":[Enter password]
Last login: Sun Oct 19 14:01:48 2008 from 192.168.1.10

[remote-host]$ [You are on remote-host here]


Note: If you get the following error while performing the ssh or scp from local-host to remote-host, please refer to How to resolve Algorithm negotiation failed issue on SSH, to fix this issue.

[local-host]$ ssh -l jsmith remote-host
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed
(Algorithm negotiation failed.)


There are two ways to perform ssh and scp without entering the password:

  1. No passphrase: While creating the key pair, leave the passphrase empty. Use this option for automated batch processing; for example, if you are running a cron job to copy files between machines, this is a suitable option. You can skip the next steps for this method.
  2. Use passphrase and SSH Agent: If you are using ssh and scp interactively from the command line and you don’t want to enter the password every time you perform ssh or scp, I don’t recommend the previous option (no passphrase), as you’ve eliminated one level of security in the ssh key based authentication. Instead, use a passphrase while creating the key pair and use SSH Agent to perform ssh and scp without having to enter the password every time, as explained in the steps below.

8. Start the SSH Agent on local-host

The SSH Agent will be running in the background to hold the private keys and perform ssh and scp without having to enter the passphrase several times.

[local-host]$ ssh-agent $SHELL

9. Load the private key to the SSH agent on the local-host

[local-host]$ ssh-add

Adding identity: /home/jsmith/.ssh2/id_dsa_2048_a.pub
Need passphrase for /home/jsmith/.ssh2/id_dsa_2048_a (2048-bit dsa,
jsmith@local-host, Sun Oct 19 2008 14:49:42 -0700).
Enter passphrase:[Enter your passphrase here]

10. Perform SSH or SCP from local-host to remote-host without entering the password

[local-host]$ [You are on local-host here]

[local-host]$ ssh -l jsmith remote-host
Last login: Sun Oct 19 14:20:48 2008 from 192.168.1.10

[remote-host]$ [You are on remote-host here]



  • Alexander June 29, 2009, 2:25 pm

    Hi Ramesh,

    I just tried your instructions on setting up SSH2 -> OpenSSH connection, and I found you need to make an extra step on the SSH2 client ( taken from here: http://quark.humbug.org.au/publications/notes/ssh.txt ):

    echo "IdKey id_dsa_2048_a" >> ~/.ssh2/identification

    Without this, the OpenSSH server asks me for the password.

    Thanks for the clear instructions!
    Alexander

  • Shail October 3, 2012, 9:43 am

    Best Solution so far ! That's how you write a post !

    Cheers