Thread: Dropbear SSH server with key authentication

  1. #1
    Dropbear SSH server with key authentication

    I have a WL-500g with 1.9.2.7-5a firmware. I use the built-in dropbear SSH server to SCP images from the router to my dedicated server. The SCP command is run from my server, and not from the router.

    My problem is that the SCP command is run automatically by a cron-job, and the SCP command requires a password. I have read quite a lot on the internet, and found out that I need to authenticate the machines via no-password keys placed in the authorized_keys file on the server (the WL-500g).

    How do I do that on WL-500g? Do dropbear and OpenSSH use the same keys (don't think so..), and how do I convert/create them? And where shall I place the authorized_keys file, and what does it look like on a dropbear server?

    I hope that someone will help me.
    Thanks.

  2. #2
    Quote Originally Posted by Muffe
    How do I do that on WL-500g? Do dropbear and OpenSSH use the same keys (don't think so..), and how do I convert/create them? And where shall I place the authorized_keys file, and what does it look like on a dropbear server?

    I hope that someone will help me.
    Thanks.

    just put your public ssh2 key to ~/.ssh/authorized_keys and check permissions (writable only by owner, owner = user).

    since dropbear is only SSHv2 client/server use only SSHv2 and remember that keys are NOT checked against .ssh/authorized_keys2 file...

  3. #3
    I have now placed my ssh_jost_rsa_key.pub from my dedicated server in the ~/.ssh/authorized_keys file on my WL-500g. But it still does not work. I still have to type in the password.

    I read some place in the dropbear README that I had to convert the key to a dropbear key format first... Does anyone know something about this, or any other issues with passwordless authentication? The whole clue is that I can't use passwords...

    Thanks.

  4. #4
    Is your key in the format:
    ssh-rsa <key> admin@myrouter

    I had to edit my generated key to look like that.. And make sure it is on one line..

    S.

  5. #5
    The authentication with openssh and dropbear works. Editing the key was not needed.

    Be sure you check the following things:

    private key on client
    user@client:$ ls -l $HOME/.ssh/id_rsa
    should result in these permissions and this filename
    -rw------- 1 user group 1743 2004-09-26 13:23 /home/user/.ssh/id_rsa

    public key on router
    admin@router:$ ls -l $HOME/.ssh/authorized_keys
    should result in these permissions and this filename
    -rw------- 1 admin root 389 2004-09-26 13:23 /usr/local/root/.ssh/authorized_keys

    each dir $HOME/.ssh should have the permissions 0700

    try to connect from the server to the client with ssh -vv and read the long output. It helps.

  6. #6
    Another description
    how it works for me:

    Code:
    [admin@router root]$
    [admin@router root]$ cd .ssh
    [admin@router .ssh]$ ls
    authorized_keys  identity         known_hosts
    more authorized_keys
    ssh-rsa Really-Long-String_goes_here_ended_with=  My_Login@remote.host.in.the.net
    [admin@router .ssh]$

    where really long string is public_key. The whole string was taken (in my case) from .ssh directory on host.in.the.net machine

    Code:
    host.in.the.net% cd
    host.in.the.net% cd .ssh
    host.in.the.net% ls id_rsa.pub
    id_rsa.pub
    park-11% more id_rsa.pub
    ssh-rsa Really-Long-String_goes_here_ended_with= ab@park-11.park.rambler.ru
    host.in.the.net%

    After that scp from Host.in.the.net works like that

    Code:
    host.in.the.net% cd
    host.in.the.net% scp admin@router:index.html ./
    socket: Protocol not supported
    index.html           100% |*****************************|     0       00:00

    FW Olegs 1927CR4, Asus WL-500g.

    Few notes
    a) I do not know (and don't really care) what "socket: Protocol not supported" warning means. It was there always and it worked.

    b) In my case actual scp string is a bit different since my router is behind provider's NAT and I had to establish port forwarding at host.in.the.net.

    c) As far as I know host.in.the.net has OpenSSH, and file name for rsa_id.pub may be different in other setups. I believe it is default but you never know admins.

    d) As far as I know ssh-rsa is protocol identifier, and last field My_Login@... is just a comment for user's comfort.

    e) Always check that whole_long line is one line and is not wrapped using copy-paste (if you don't use method described below).

    Step by step guide may look like this:

    1) check on your router that ssh is installed, enabled and works (that means that you can ssh router_ip and log in with password). Also check that there is .ssh directory in /usr/local/root/

    2) On Host.in.the.net locate ~/.ssh directory and file rsa_id.pub in it. (subdir name and file name may vary)

    3) execute following on host.in.the.net

    Code:
    scp ~/.ssh/rsa_id.pub admin@router.ip:.ssh/pubkey.host.in.the.net
    Password:

    In response to Password prompt enter your admin password on router.

    4) ssh to your router and check that pubkey.host.in.the.net exists in /usr/local/root/.ssh

    5) execute on your router:

    Code:
    cat /usr/local/root/.ssh/pubkey.host.in.the.net >> /usr/local/root/.ssh/authorized_keys

    Note two >> in command line (not to overwrite previously added public keys) and spelling of authorized_keys.

    6) check if it works by executing ssh admin@router.ip from Host.in.the.net. Normally it should allow to login as admin without prompting for password.

    7) If 6) is true, then flashfs save, flashfs commit, flashfs enable your router as usual.

    Hope it helps.

    So it goes,
    Roofcat
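
Added example, not part of any post in this thread: a POSIX shell function that runs the checks named in posts #2, #4, #5 and #6 (note e) against an authorized_keys file. The name check_authkeys is hypothetical, and the function assumes plain "ssh-rsa <base64> comment" entries without an options prefix.

```shell
#!/bin/sh
# Audit DIR/authorized_keys against the checks named in posts #2, #4, #5 and #6.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
# Assumes plain "ssh-rsa <base64> [comment]" entries without an options prefix.
check_authkeys() {
    dir=$1
    file=$dir/authorized_keys
    bad=0
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ -f "$file" ] || { echo "missing file: $file"; return 1; }

    # Post #5: the .ssh directory should be mode 0700.
    dmode=$(ls -ld "$dir" | cut -c1-10)
    [ "$dmode" = "drwx------" ] || { echo "$dir is $dmode, expected drwx------"; bad=1; }

    # Post #2: writable only by the owner, and the owner is the login user.
    fmode=$(ls -l "$file" | cut -c1-10)
    case $fmode in
        -????-??-?) ;;
        *) echo "$file is $fmode: group or others can write"; bad=1 ;;
    esac
    [ -O "$file" ] || { echo "$file is not owned by the current user"; bad=1; }

    # Posts #4 and #6(e): one key per line, "ssh-rsa <base64> comment".
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f   # split on whitespace, no globbing
        if [ "$1" != "ssh-rsa" ]; then
            echo "line $n: does not start with ssh-rsa (wrapped or pasted in pieces?)"
            bad=1; continue
        fi
        case $2 in
            AAAAB3NzaC1yc2E*) ;;       # base64 of the "ssh-rsa" header inside the blob
            *) echo "line $n: key data is not an RSA public key blob"; bad=1; continue ;;
        esac
        case $2 in
            *[!A-Za-z0-9+/=]*) echo "line $n: non-base64 character in key data"; bad=1 ;;
        esac
        [ $(( ${#2} % 4 )) -eq 0 ] || { echo "line $n: key data looks truncated"; bad=1; }
    done < "$file"
    return $bad
}

# Run as: sh check_authkeys.sh /usr/local/root/.ssh
[ "$#" -eq 0 ] || check_authkeys "$1"
```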

  7. #7

    SSH public key and putty

    I tried to connect with putty by using a public key. But I couldn't get it to work. Is there someone here who was able to connect with putty using a public key? I used the program puttygen to generate a pair of keys but dropbear doesn't understand the key.
    I also tried to generate a key with dropbear on the asus, but then putty doesn't recognise the key.

    Any help should be welcome.
