IRIS

Instructional & Research Information Systems

SSH Keys

  • Creating an SSH (non-OpenSSH) Public Key
  • Creating an OpenSSH Public Key
  • Connecting from an OpenSSH Client to an SSH Server
  • Connecting from an SSH Client to an OpenSSH Server
  • Configuring SSH in UNIX to Not Require A Password

Creating an SSH (non-OpenSSH) Public Key

To create a public key for use in automatic authentication with SSH2 do the following:

  1. SSH into your favorite unix machine running SSH2.
  2. Type ssh-keygen
  3. You will be prompted for a passphrase; give it a good one.
  4. If you accepted the default names, you will now have a file called “identity” and a file called “identity.pub” in your ~/.ssh2 directory. “identity” is your private key and “identity.pub” is your public key that you can use to automate authentication on machines that you give it to.

Creating an OpenSSH Public Key

To create a public key for use in automatic authentication with ssh do the following:

  1. SSH into your favorite unix machine running OpenSSH, such as login.eecs.
  2. Type ssh-keygen -t dsa
  3. When the program asks you to “Enter file in which to save the key”, just press “enter”.
  4. You will be prompted for a passphrase; give it a good one.
  5. If you accepted the default names, you will now have a file named “id_dsa” and a file named “id_dsa.pub” in your ~/.ssh directory. “id_dsa” is your private key and “id_dsa.pub” is your public key, which you can use to automate authentication on machines that you ssh into.

Connecting from an OpenSSH Client to an SSH Server

Use this procedure if your local machine is running OpenSSH.

  1. Make sure you have an OpenSSH public key. Refer to Creating an OpenSSH Public Key for more details.
  2. Generate a representation of your OpenSSH public key that SSH2 understands:
    • Run ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh2/id_dsa.pub
    • Notice that we are reading the OpenSSH key under “.ssh”, but we are writing the converted key under “.ssh2”. Don’t overwrite the original file!
  3. On the machine you want to ssh to (the one running the SSH server), make sure you have a ~/.ssh2/ directory. Then, copy your newly created SSH public key to that machine.
    • scp ~/.ssh2/id_dsa.pub machine.berkeley.edu:.ssh2/my_client_machine_id_dsa.pub
      (where my_client_machine is replaced by the hostname of your client machine).
  4. Inform the SSH server that you will accept this public key. On the machine that is running the SSH server:
    • Run echo "Key my_client_machine_id_dsa.pub" >> ~/.ssh2/authorization
    • This file is similar to the “~/.ssh/authorized_keys2” file used by OpenSSH. Rather than listing public keys, though, it lists the names of files in which those public keys can be found.

Connecting from an SSH Client to an OpenSSH Server

  1. Log into a machine running SSH2.
  2. Make sure you have an SSH public key. If you do, type: ssh-keygen2 -e ~/.ssh2/id_dsa_1024 and remove the passphrase. If not, the following command should create two files: ~/.ssh2/id_dsa_1024_a and ~/.ssh2/id_dsa_1024_a.pub. The -P option turns off the passphrase. Remove it if you want to use a passphrase.
    • ssh-keygen2 -b 1024 -t dsa -P
  3. Copy the SSH public key to your OpenSSH computer that you want to ssh to.
    • scp ~/.ssh2/id_dsa_1024_a.pub machine.berkeley.edu:.ssh/SSH_id_dsa_1024_a.pub
  4. Log into a machine running OpenSSH
  5. Perform the conversion by running the following commands:
    • ssh-keygen -i -f ~/.ssh2/id_dsa_1024_a > ~/.ssh2/my.OpenSSH.key
    • ssh-keygen -p -f ~/.ssh2/my.OpenSSH.key
  6. Copy the contents of OpenSSH_id_dsa_1024_a.pub into a file called ~/.ssh/authorized_keys. Be careful with the linefeeds. Each key should be on its own single line.
  7. Log back on to a machine running SSH2
  8. Restore your passphrase for the SSH2 private key by running:
    • ssh-keygen2 -e ~/.ssh2/id_dsa_1024_a
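
The public-key conversions in the two procedures above (ssh-keygen -e, and the one-key-per-line rule for ~/.ssh/authorized_keys) move a key between OpenSSH's single-line form and the multi-line SSH2 form defined in RFC 4716. The Python sketch below is an added example, not code from IRIS or OpenSSH; it mirrors both directions and rejects a key that was cut by a stray linefeed. The function names are illustrative and the sample key is constructed dummy data.

```python
import base64

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_fields(blob):
    """Split a key blob into its length-prefixed fields; reject truncated data."""
    fields, off = [], 0
    while off < len(blob) or not fields:  # 'not fields' makes an empty blob fail too
        end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
        if end > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:end])
        off = end
    return fields

def openssh_to_ssh2(line):
    """One-line OpenSSH public key -> RFC 4716 block (the ssh-keygen -e direction)."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]' on a single line")
    blob = base64.b64decode(parts[1], validate=True)
    if blob_fields(blob)[0] != parts[0].encode():
        raise ValueError("key type does not match key blob")
    out = [BEGIN] + (['Comment: "%s"' % parts[2].strip()] if len(parts) == 3 else [])
    out += [parts[1][i:i + 70] for i in range(0, len(parts[1]), 70)]  # RFC limit: 72
    return "\n".join(out + [END])

def ssh2_to_openssh(text):
    """RFC 4716 block -> one-line OpenSSH public key (the ssh-keygen -i direction)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers")
    comment, body, it = "", [], iter(lines[1:-1])
    for line in it:
        while line.endswith("\\"):  # a trailing backslash continues a header line
            line = line[:-1] + next(it, "")
        if line.lower().startswith("comment:"):
            comment = line.split(":", 1)[1].strip().strip('"')
        elif ":" not in line:  # other headers are skipped; base64 never contains ':'
            body.append(line)
    blob = base64.b64decode("".join(body), validate=True)
    head = blob_fields(blob)[0].decode("ascii") + " " + base64.b64encode(blob).decode()
    return (head + " " + comment).rstrip()

# Constructed sample: ssh-dss field layout (type, p, q, g, y) with dummy bytes, not a
# usable key. ssh-dss matches the page; OpenSSH disables it by default since 7.0.
_vals = (b"ssh-dss", b"\x7f" * 128, b"\x7f" * 20, b"\x7f" * 128, b"\x7f" * 128)
_blob = b"".join(len(v).to_bytes(4, "big") + v for v in _vals)
SAMPLE_LINE = "ssh-dss %s user@my_client_machine" % base64.b64encode(_blob).decode()
```

Passing only the first part of a wrapped authorized_keys line to openssh_to_ssh2 raises ValueError, because the length prefixes inside the blob no longer add up.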

Configuring SSH in UNIX to Not Require A Password

On Unix you can use ssh-agent to manage your ssh connections so that you don’t have to type a password every time you log into other Unix machines.

  1. Add the following lines to your .login (this assumes a login shell of csh/tcsh):
    • eval `ssh-agent -c`
    • ssh-add
  2. Add this line to your .logout: eval `ssh-agent -k`

Make sure you still have your “identity.pub” in the remote machine’s authorized_keys file.

© 2022–2023 UC Regents