Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair

This howto demonstrates how to convert an OpenSSL key to a public/private OpenSSH key-pair.

The motivation for converting this is simple — dual use. That is to say, any user or application that has been issued a certificate can now use their SSL-based credentials for both SSL- and SSH-based authentication.

Requirements
You’ll need a valid certificate and private key (actually, only the key is required). This recipe assumes that your certificate and key are named user-crt.pem and user-key.pem, respectively. If your key is encrypted (which it should be), you’ll also need to have its passphrase handy.

You’ll need a shell account on a system that supports OpenSSH logins using public/private key authentication.

Solution
The solution is to extract the public key from the private key using ssh-keygen, copy the new key-pair into place, and test them out.

1. Copy the private SSL key to ~/.ssh/id_ssl.
$ cp user-key.pem ~/.ssh/id_ssl
$ chmod 600 ~/.ssh/id_ssl

2. Extract the public SSH key using ssh-keygen.
$ ssh-keygen -y -f ~/.ssh/id_ssl > ~/.ssh/id_ssl.pub
$ chmod 600 ~/.ssh/id_ssl.pub

3. Add the public key to your authorized_keys file.
$ cat ~/.ssh/id_ssl.pub >> ~/.ssh/authorized_keys

4. Test the new key by attempting to SSH to localhost.
$ ssh -i ~/.ssh/id_ssl localhost

At this point, you’ll need to enter your passphrase (assuming you had one), and if all goes well, you’ll be sitting at a new shell prompt.

5. Remove the test key from your authorized_keys file.
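
Steps 3 and 5 as a small helper script. This is an added example, not part of the original recipe: it appends the key only if it is not already present and removes it again by matching the base64 key blob, so a differing comment or an options prefix on the line does not matter. The function names and the script name keys.sh are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original recipe.
# Usage (assumed paths): sh keys.sh add|remove ~/.ssh/id_ssl.pub ~/.ssh/authorized_keys

# Print the base64 key blob (second field) of a one-line OpenSSH public key file.
key_blob() {
    awk 'NF >= 2 { print $2; exit }' "$1"
}

# Succeed if the key in pubfile $1 appears in authorized_keys file $2.
# Matching on the blob ignores the comment and any options prefix.
has_key() {
    [ -f "$2" ] || return 1
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2"
}

# Step 3, made idempotent: append only if the key is not already listed.
add_key() {
    has_key "$1" "$2" && return 0
    ( umask 077; cat "$1" >> "$2" )
}

# Step 5: rewrite the file without any line carrying that key blob.
remove_key() {
    [ -f "$2" ] || return 0
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 1
    tmp=$(mktemp "$2.XXXXXX") || return 1
    awk -v b="$blob" '{ drop = 0
                        for (i = 1; i <= NF; i++) if ($i == b) drop = 1
                        if (!drop) print }' "$2" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$2"
}

case "${1:-}" in
    add)    add_key "$2" "$3" ;;
    remove) remove_key "$2" "$3" ;;
esac
```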

In theory, a single certificate and key issued to an employee would be sufficient to access all participating SSL- and SSH-based resources in a given environment (or perhaps the entire company).

This post is based on an original recipe by Klayton Monroe.


How to Mount a Remote Filesystem Using SSH and sshfs

From time to time I work on remote servers, and sometimes it would be very useful to be able to mount the remote filesystem on my local machine. Recently I found sshfs, a filesystem client based on the SSH File Transfer Protocol. Since most *nix-like servers (Linux, FreeBSD, NetBSD, OpenBSD) with OpenSSH installed already support this protocol, it is very easy to set up: on the server side there’s nothing to do, set up or configure. On the client side, mounting the filesystem is as easy as logging into the server with SSH.

More technically, sshfs is based on FUSE, which is the best userspace filesystem framework for Linux ;-)

Here is how I connect to my remote SSH-based servers and hosts:


$ sshfs -o uid=1000,gid=1000 cc@remote.host.com:/home/cc /media/mountpoint

I use the uid and gid options so that my normal local user, which has that uid and gid, gets write access to the mounted filesystem.

This post describes sshfs in more detail, including how to use it on Ubuntu and Debian.

The sshfs website.
