Using OpenSSH public keys with OpenVMS (and SSH2)
21 January 2009 Leave a comment
Every Linux box comes with OpenSSH, as does every BSD (at least, I don’t know of any that don’t). UNIX almost invariably comes with OpenSSH as well (although Tru64 is a dying hold-out).
However, OpenVMS 8 comes with an implementation of SSH that appears to be very similar to the commercial SSH produced by F-Secure and distributed by Attachmate.
To use your OpenSSH keys with VMS, a conversion is required – and the configuration files are different as well.
The versions of SSH used are:
VMS $ ssh "-V"
$1$dga010:[sys1.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell OpenVMS
(V5.5) 3.2.0 on HP rx2660 (1.40GHz/6.0MB) - VMS V8.3
UNIX $ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
First, the key must be converted. Using OpenSSH this is easy (assume that the OpenSSH key my_key.pub already exists):
$ ssh-keygen -e -f my_key.pub > my_vmskey.pub
Then copy this file to your VMS login directory, putting it into the directory
[.ssh2] (relative to your VMS login directory). Let's assume that the UNIX host is named openssh:
VMS $ scp openssh:~/my_vmskey.pub .
Then edit the file
AUTHORIZATIONS to include this line:
Then be sure to test it out from your OpenSSH host:
openssh $ slogin vms
The authenticity of host 'vms (10.6.4.4)' can't be established.
DSA key fingerprint is 46:43:2f:df:0a:4b:37:e2:4f:f9:63:05:21:84:c9:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vms' (DSA) to the list of known hosts.
Welcome to HP OpenVMS Industry Standard 64 Operating System, Version V8.3
Note that since you've not logged into the VMS machine previously, it must have its fingerprint added to the file known_hosts.
There is a good article about key conversions that seems to cover all the bases.