IBM Support

How to import an SSH2 public key received from a trading partner for use with Connect:Enterprise UNIX

Question & Answer


Question

How to import an SSH2 public key received from a trading partner for use with Connect:Enterprise UNIX

Answer

Connect:Enterprise UNIX does not support SSH2 formated public keys. It only supports OpenSSH formated public keys. In order to use the SSH2 public key with Connect:Enterprise the SSH2 key must be converted.


Example of an SSH2 public key:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit RSA C:E UNIX SSH Server Host Key"
AAAAB3NzaC1yc2EAAAABIwAAAIEAuAytRxftq9hMj34qER6LcOMKXgXSykiyqq4GZuv0wqy
D8jRK8HxfK0n8GTTQbUxp6SwiwnO/Ty0+i7H8wrtz8V9JLvrFOb0iF0nKoKmpoSoxqWrs
Iv2TAMyA4hSGdXMrH9FAb94rWlGGmdaTOy3SdE62o+5Wu3dAyXZjaxvlris=
---- END SSH2 PUBLIC KEY ----


START THE PROCEDURE TO CONVERT SSH2 to OPENSSH PUBLIC KEY:

This example is using testpub as the rsd name.

cd $CMUHOME/ssh/users

mkdir testpub

cp <dir path>/remote.key testpub (The SSH2 public key is remote.key)

cd testpub

pwd
/sci/ceunix/ce2402/ssh/users/testpub

ls
remote.key

cmusshkey -i -f authorized_keys -F remote.key -r testpub

This will be displayed after running the cmusshkey command:
cmusshkey: ssh host key generation and maintenance utility
Importing public host key.
================= Printing '/sci/ceunix/ce2402/ssh/users/testpub/remote.key' File ============
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit RSA C:E UNIX SSH Server Host Key"
AAAAB3NzaC1yc2EAAAABIwAAAIEAuAytRvGq9hMj34qER6LcOMKXgXSykiyqq4GZuv0wqy
D8jRK8HxfK0n8GTTQbUxp6SwiwnO/Ty0+i7H8wrtz8V9JLvrFOb0iF0nKoKfjukSoxqWrs
Iv2TAMyA4hSGdXMrH9FAb94rWlGGmdaTOy3SdE62o+5Wu3dAyXZjaxvlris=
---- END SSH2 PUBLIC KEY ----
============================================================================
> Enter optional prefix host data or hit enter for none.

<PRESS ENTER>

To display the new OpenSSH key:
cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuAytRvGq9hMj34qER6LcOMKXgXSykiyqq4GZuv0wqy
D8jRK8HxfK0n8GTTQbUxp6SwiwnO/Ty0+i7H8wrtz8V9JLvrFOb0iF0nKoKfjukSoxqWrs
Iv2TAMyA4hSGdXMrH9FAb94rWlGGmdaTOy3SdE62o+5Wu3dAyXZjaxvlris=

NOTE: If the users rsd directory and authorized_key file already exist then change the cmusshkey command and change the -f authorized_keys parameter to a different name. Then manually add the key into the existing authorized_keys file. You can also use an OpenSSH utility to convert the SSH2 public key.

[{"Product":{"code":"SSFVK3","label":"IBM Sterling Connect:Enterprise for UNIX"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Historical Number

HTG1299

Document Information

Modified date:
17 December 2019

UID

swg21563272

Page Feedback