Monday, July 26, 2010

Quickstart: SSH Public Key Infrastructure

The following quickstart was copied from

By Jim Weller

The purpose of this document is to quickly step you through using
passwordless authentication to connect to servers using the SSH2
protocol. This document is unique in that it unifies all the clients
and servers under a single identity. This document is very coarse
and expects that you'll follow along with the videos and only
use the notes as a supplement.


  1. Commercial SSH client version 3.2 or higher installed.

  2. Commercial SSH Accession agent

  3. PuTTY SSH2 Client Suite
  4. OpenSSH environment. Cygwin shown here, but Linux, Mac OS X, BSD, Solaris and many others apply

Video Guides

Terse Text Notes

Generating Private and Public Keys

A - Pick a strong password. You'll need to remember it because you'll type it
a couple of times during this setup and once every Windows login after that.

B - Generate a key using commercial SSH.
1 edit->settings->keys->new key
Key Type: DSA
Key Length: 2048
name: dsa2048_commssh
Password: leave blank
Comment: leave blank

C - convert the key to openssh private key format and set a password
on it. You'll have to move the key you created above to a location
where you can use ssh-keygen from the openssh package. Either cygwin
or an openssh unix box (like linux/mac) or whatever you have handy.

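# convert commercial ssh private to openssh private
ssh-keygen -i -f dsa2048_commssh > dsa2048_openssh
# convert openssh private to openssh public
# (OPENSSH_PUBLIC_KEY_FILE and COMMSSH_PUBLIC_KEY_FILE are placeholders;
# the page does not give these two file names)
ssh-keygen -y -f dsa2048_openssh > OPENSSH_PUBLIC_KEY_FILE
# convert openssh public to commercial ssh public
ssh-keygen -e -f OPENSSH_PUBLIC_KEY_FILE > COMMSSH_PUBLIC_KEY_FILE
# finally set a password on openssh private
# (omit -N and ssh-keygen prompts for it instead, which keeps the
# password out of your shell history and the process list)
ssh-keygen -p -N password -f dsa2048_openssh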

D - go back to commercial ssh and change the password to match.

E - Use puttygen to convert the openssh key to a putty key. Set your
password while doing it. You only need to save a private key.

Now you have 3 identical private key files with the same passphrase
for each of the three different clients. The private keys must be
kept very secure. Never share them or leave them lying around. Make a
backup copy to put in a vault, firebox, or ziploc bag.

You also have two public key files, one for each brand of server.
These are not critical files. You'll share them with the servers you
want to connect to. As shown above, you can always re-create the
public keys from the private keys.

Just remember the server gets the public key of its flavor. The client
uses the private key of its flavor.

Making the Connection

Here are all the connection combinations

c - commercial ssh
o - openssh
p - putty

Client -> Server
c -> c
o -> c
p -> c

c -> o
o -> o
p -> o

You don't have to learn all six. You just need to learn 5 things. 2
ways to put public keys on servers and 3 clients to connect using
private keys.


You have to connect to the server at least once with a password in
order to perform these operations. Very high security environments
might have someone else do this for you. Either way, you have
to have your account on the server configured to accept your
public key.

1 - OpenSSH server

connect to the server
# mkdir .ssh
# chmod 700 .ssh
# cd .ssh
copy the OpenSSH public key file and append it to authorized_keys

2 - Commercial SSH server

connect to the server
# mkdir .ssh2
# chmod 700 .ssh2
# cd .ssh2
copy the commercial ssh public key file and put it in its own file on the server
add a line to the authorization file to reference your key
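
The two server-side procedures above, as one added shell example (not part of the original quickstart). KEY_HOME and both function names are assumptions; the script goes slightly beyond the notes by rejecting a key of the wrong flavor, setting the key files to mode 600, and skipping the append when the key is already authorized.

```shell
#!/bin/sh
# Added example (not from the original page). KEY_HOME and both function
# names are assumptions; the key files passed in are your own.
KEY_HOME="${KEY_HOME:-$HOME}"    # home directory of the account to set up

# Append a one-line OpenSSH public key to ~/.ssh/authorized_keys, once.
install_openssh_key() {
    pub="$1"
    # Must be a single "<type> <base64> [comment]" line: this rejects
    # private keys and commercial-format (multi-line) public keys.
    [ "$(wc -l < "$pub")" -le 1 ] || return 2
    grep -Eq '^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-[a-z0-9]+) [A-Za-z0-9+/]+=*( .*)?$' \
        "$pub" || return 2
    line=$(cat "$pub")
    dir="$KEY_HOME/.ssh"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth="$dir/authorized_keys"
    # sshd (StrictModes) refuses the file if group or others can write to it.
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x: whole line, -F: literal text; skip the append if already present.
    grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Copy a commercial-format public key into ~/.ssh2/ as its own file and
# reference it with a "Key <file>" line in ~/.ssh2/authorization.
install_commssh_key() {
    pub="$1"
    name=$(basename "$pub")
    head -n 1 "$pub" | grep -q '^---- BEGIN SSH2 PUBLIC KEY ----' || return 2
    dir="$KEY_HOME/.ssh2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cp "$pub" "$dir/$name" && chmod 600 "$dir/$name" || return 1
    auth="$dir/authorization"
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -- "Key $name" "$auth" || printf 'Key %s\n' "$name" >> "$auth"
}
```

Run it on the server after copying the public key file over, for example `install_openssh_key ./mykey.pub`, where `mykey.pub` stands for your own file.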


By default you have to authenticate against your key every time you
connect to a server. This is good for security because you never send
a password over the wire; just big complex key strings. It's a pain
for you though. That's why most clients have an "agent" which runs in
the background on your computer and remembers the keys you
authenticated against. It's very convenient.

COOL!: Once the ssh-agent is running, you can eject your USB keychain. The
authentication ends when you either (1) kill the agent, (2) exit your Windows
session (killing the agent), or (3) deallocate the key from the running agent.

1 - PuTTY and Pageant
start pageant.exe
right click the icon->add key
browse for your .PPK key
select the PPK key
type the key's password
launch putty sessions to servers having the key

2 - Commercial SSH Client and Accession
start accession
click add key
browse for your dsa2048_commssh
type the key's password
launch commercial ssh sessions to servers having the key

3 - OpenSSH client, ssh-agent, and ssh-add

ssh-agent bash -login
# bash -login could be another program like X or xterm or login
ssh-add /YourUsbKeyStore/dsa2048_openssh
# type your password
# launch openssh sessions to servers having the key

Getting your public key into banner
-----------------------------------
Banner (aka Toklat) is a commercial SSH server, so all the
notes I presented earlier about commercial ssh servers still apply. It
differs because statewide does not give you a standard
shell like bash or csh. They give you a homegrown menu system that
keeps you in a sandbox.

S for shell commands
D for directory commands
2-y-.ssh2 to make the .ssh2 directory
1-y-.ssh2 to change to the .ssh2 directory
R to return to the main menu
4 or 5 to edit a file with emacs or vi respectively (this is the file from the videos). Paste your commercial public key into the file
4 or 5-y-authorization to add 'Key' to this file, just like in the videos

You're done. You should be able to SSH in using public key
authentication. I don't know yet how this relates to your password on
glacier, but I assume you'll never need to worry about it which is
fine as this is a billion times more secure.

Free Open Source Parametric 3D CAD on Linux

The folks looking for a free and open source option for a parametric 3D CAD have their choice now. HeeksCAD is a parametric 3D CAD, based on the open source modeler OpenCascade.

Actually it is for Linux and Windows. It uses wxWidgets as its widget set.

The HeeksCAD site lacks screenshots, but as long as they keep up the good work on the software... (let the community provide the screenshots ;-)

Googling a little, we can find a good discussion in a forum at

From the forum discussion above, I had extracted the following shots:

I had already used Salome (another OpenCascade-based tool), but the CAD it provides is more for geometry design for finite element pre- and post-processing. Unlike Salome, HeeksCAD has much more of the functionality of CADs like Pro/Engineer and SolidWorks.

I have around 8 years of experience in Pro/Engineer and 5 years using SolidWorks, and I had no difficulty starting to model in HeeksCAD.

There are other free and open source CADs based on OpenCascade. I have tried gCAD, FreeCAD and HeeksCAD. The three are good, but the one I was most productive with was HeeksCAD.

Thursday, July 1, 2010

uSleep on windows (win32)

I am facing a terrible issue regarding timing on windows.

Googling around, I've found this info:

Using QueryPerformanceCounter and QueryPerformanceFrequency APIs in Dev-C++
QueryPerformanceCounter() vs. GetTickCount()
How to time a block of code
And Results of some quick research on timing in Win32

With that I'm trying to write something like a uSleep function for windows:


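#include <windows.h>

/* Busy-wait for waitTime microseconds using the high-resolution counter. */
void uSleep(int waitTime){
    __int64 time1 = 0, time2 = 0, sysFreq = 0;

    QueryPerformanceCounter((LARGE_INTEGER *)&time1);
    /* sysFreq is the number of counter ticks per second */
    QueryPerformanceFrequency((LARGE_INTEGER *)&sysFreq);
    do {
        QueryPerformanceCounter((LARGE_INTEGER *)&time2);
        /* convert elapsed ticks to microseconds before comparing */
    } while (((time2 - time1) * 1000000) / sysFreq < waitTime);
}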

There is also already a nanosleep at:
and a usleep at MKSToolkit at: