Another description
how it works for me:
Code:
[admin@router root]$
[admin@router root]$ cd .ssh
[admin@router .ssh]$ ls
authorized_keys identity known_hosts
[admin@router .ssh]$ more authorized_keys
ssh-rsa Really-Long-String_goes_here_ended_with= My_Login@remote.host.in.the.net
[admin@router .ssh]$
where the really long string is the public key. The whole string was taken (in my case) from the .ssh directory on the host.in.the.net machine.
Code:
host.in.the.net% cd
host.in.the.net% cd .ssh
host.in.the.net% ls id_rsa.pub
id_rsa.pub
park-11% more id_rsa.pub
ssh-rsa Really-Long-String_goes_here_ended_with= ab@park-11.park.rambler.ru
host.in.the.net%
After that, scp from Host.in.the.net works like this:
Code:
host.in.the.net% cd
host.in.the.net% scp admin@router:index.html ./
socket: Protocol not supported
index.html 100% |*****************************| 0 00:00
FW Olegs 1927CR4, Asus WL-500g.
A few notes:
a) I do not know (and don't really care) what the "socket: Protocol not supported" warning means. It was always there and it worked.
b) In my case the actual scp string is a bit different, since my router is behind my provider's NAT and I had to establish port forwarding at host.in.the.net.
c) As far as I know host.in.the.net has OpenSSH, and the file name for rsa_id.pub may be different in other setups. I believe it is the default, but you never know with admins.
d) As far as I know ssh-rsa is the protocol identifier, and the last field My_Login@... is just a comment for the user's comfort.
e) Always check that the whole long line is one line and has not been wrapped by copy-paste (if you don't use the method described below).
A step-by-step guide may look like this:
1) Check on your router that ssh is installed, enabled and works (that means that you can ssh router_ip and log in with a password). Also check that there is a .ssh directory in /usr/local/root/
2) On Host.in.the.net locate the ~/.ssh directory and the file rsa_id.pub in it (subdir name and file name may vary).
3) Execute the following on host.in.the.net:
Code:
scp ~/.ssh/rsa_id.pub admin@router.ip:.ssh/pubkey.host.in.the.net
Password:
In response to the Password prompt, enter your admin password on the router.
4) ssh to your router and check that pubkey.host.in.the.net exists in /usr/local/root/.ssh
5) Execute on your router:
Code:
cat /usr/local/root/.ssh/pubkey.host.in.the.net >> /usr/local/root/.ssh/authorized_keys
Note the two >> in the command line (so as not to overwrite previously added public keys) and the spelling of authorized_keys.
6) Check if it works by executing ssh admin@router.ip from Host.in.the.net. Normally it should allow you to log in as admin without prompting for a password.
7) If 6) is true, then flashfs save, flashfs commit, flashfs enable your router as usual.
Hope it helps.
So it goes,
Roofcat
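
Note e) and step 5) above, as an added example that is not part of the original post and not code from the firmware: a small POSIX sh helper that rejects a key file wrapped onto more than one line and appends a valid key to authorized_keys only once. The function names valid_pubkey and add_pubkey are made up for this example, and it assumes the router's shell provides grep and chmod.

```sh
#!/bin/sh
# Added example (hypothetical helper names, not from the post or the firmware).
# Usage: sh addkey.sh PUBKEY_FILE AUTHORIZED_KEYS_FILE

# valid_pubkey FILE: succeed only if FILE holds exactly one key on one line.
valid_pubkey() {
    # Count non-blank lines; a key wrapped by copy-paste shows up as 2 or more,
    # an empty file as 0 (grep -c then also exits non-zero).
    n=$(grep -c '[^[:space:]]' "$1") || return 1
    [ "$n" -eq 1 ] || return 1
    line=$(grep '[^[:space:]]' "$1")
    type=${line%% *}      # field 1: key type
    rest=${line#* }
    blob=${rest%% *}      # field 2: base64 key data; anything after is comment
    case $type in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 1 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;   # empty or non-base64 characters
    esac
}

# add_pubkey KEYFILE AUTHFILE: append the key once, never overwrite.
add_pubkey() {
    key=$1
    auth=$2
    valid_pubkey "$key" || {
        echo "rejected: $key is not a single-line public key" >&2
        return 1
    }
    line=$(grep '[^[:space:]]' "$key")
    # Skip keys that are already authorized so reruns do not duplicate entries.
    if [ -f "$auth" ] && grep -qxF "$line" "$auth"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"   # >> appends; a single > would erase other keys
    chmod 600 "$auth"                  # keep the file writable by its owner only
}

# Run as a script only when both arguments are given.
if [ $# -eq 2 ]; then
    add_pubkey "$1" "$2"
fi
```
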