Re: SSH2 public key?

[Ian Lance Taylor <ian@airs.com>]

kenner@vlsi1.ultra.nyu.edu (Richard Kenner) writes:

>      Well, you sent out an SSH private key.  The question is whether you
>      generated a new private/public key pair, using ssh-keygen, before you
>      sent out the public key.  Or whether you just sent the public key you
>      already had.
> 
> Or sent some other random private key that happened to be in a file
> somewhere.  Given the amount of trouble I had getting everything to
> work, there are likely to be numerous public and private keys around in
> lots of files on different machines.  How would I go about seeing if
> that particular key private key corresponded to that particular public key?

I don't know.  I mean, one could do it by putting it in an
authorized_keys file and then using the private key with SSH to see if
I could connect, but I assume from your other comments that that would
be difficult for you.  I don't know how to do it using just an SSH
client.

>      Please generate a new SSH key pair, and send us the new public key.
> 
> I have absolutely no idea what that means or how to do it!  When I
> switched from using the VanDyke "crt" program to their "securecrt" program,
> I used it to generate various sets of keys that I copied to various places
> and kept hacking away until it worked. I never had a good understanding
> of the process since every machine seemed to have its own mechanism.

I've never used securecrt.  But the basic idea behind SSH is this:

1) SSH uses pairs of keys.
2) Each pair is composed of one private key and one public key.
3) You should keep the private key completely private.
4) You can give the public key to anybody.
5) The client has one or more private keys.
6) The server has one or more public keys.
7) When you connect, the client and server compare their keys in a
   secure manner.
8) If the client has a private key which matches a public key held on
   the server, access is permitted.

And, of course:
    http://www.employees.org/~satch/ssh/faq/ssh-faq.html

> So basically what you are suggesting would be starting from scratch.
> That would be bad enough except for the hurricane and now they are
> saying it might not be until November 15 that I can start the process of
> getting to one of those machines.

That is unfortunate, but you should not have to get to each machine to
create a new pair of SSH keys.  And, if you like, you can use a
different private key for each one of your machines.  It just means
having several public keys on gcc.gnu.org.

> As I understand it, I have to start with the Van Dyke program because it
> can't *import* a private key, but I'm not sure.  Is that right?  If so,
> I guess I can work on it, though it'll likely take much of the week.

I don't know anything about the Van Dyke program.  I looked online,
but unfortunately they don't seem to put their manual on the web.

Ian