Results 1 to 4 of 4

Thread: HOW-TO: use keys with dropbear for a more secure box (using PuTTy)

  1. #1

    HOW-TO: use keys with dropbear for a more secure box (using PuTTy)

    'ello

    first of all you should have dropbear installed...

    create a public and private key (I used PuTTYgen) just press 'Generate'

    save the private key somewhere, you will use this file each time you login,
    create a dir in your home directory on your router:

    mkdir .ssh
    cd .ssh


    next you need to copy the public key (with ctrl+c) from puttygen, the big string in the textfield (all of it).
    in .ssh/ type:

    echo ssh-rsa AAAAB3N......8nq97Rcl5D= rsa-key-20061230 > authorized_keys
    (echo 'what you copied from puttygen here without the quotes' > authorized_keys

    your string will be longer, I've just omited a large part.
    this will create a 'authorized_keys' file.

    now add '-s' to your rc.local and your init.d file so they read '/opt/sbin/dropbear -s' this will disable ordinary password logins.

    Reboot your router.

    Now in Putty, go to settings->Connection->SSH->Auth here browse to your private key you saved with puttygen.

    now when you login, you need to have the key and the passphrase for that key (you specified passphrase in puttygen)

    you now efficiently stopped any kind of bruteforce attacks

    /regards
    Henrik

  2. #2
    What do you mean with home directory? What's the best place to store the key on the router?

  3. #3
    Quote Originally Posted by Fatboysec View Post
    What do you mean with home directory? What's the best place to store the key on the router?
    look in /etc/passwd the directory after the last ':' is your home dir, and if you followed K.C's guide it should be '/opt/home/<username>' (step 5.6)

    /regards
    Henrik

  4. #4
    Join Date
    Feb 2005
    Location
    Germany - Frankfurt
    Posts
    1,548
    Maybe some improvement for noobs:

    Quote Originally Posted by n00ben View Post
    save the private key somewhere, you will use this file each time you login,
    create a dir in your home directory on your router:

    mkdir .ssh
    cd .ssh
    You can go to home by typing "cd ~"

    Quote Originally Posted by n00ben View Post
    next you need to copy the public key (with ctrl+c) from puttygen, the big string in the textfield (all of it).
    in .ssh/ type:

    echo ssh-rsa AAAAB3N......8nq97Rcl5D= rsa-key-20061230 > authorized_keys
    (echo 'what you copied from puttygen here without the quotes' > authorized_keys

    your string will be longer, I've just omited a large part.
    this will create a 'authorized_keys' file.
    Shouldn't this be /usr/local/root/.ssh/authorized_keys? (I have a WL-HHD with oleg fw. Maybe its other than WL-700. Pardon if this is wrong...)
    For me the file is only saved after a
    Code:
    flashfs save && flashfs commit && flashfs enable
    Quote Originally Posted by n00ben View Post
    now add '-s' to your rc.local and your init.d file so they read '/opt/sbin/dropbear -s' this will disable ordinary password logins.

    Reboot your router.
    Do this only after checking its working.
    If the key file is not saved and dropbear only accepts passwordless logins you are barred.
    Quote Originally Posted by n00ben View Post
    Now in Putty, go to settings->Connection->SSH->Auth here browse to your private key you saved with puttygen.

    now when you login, you need to have the key and the passphrase for that key (you specified passphrase in puttygen)

    you now efficiently stopped any kind of bruteforce attacks

    /regards
    Henrik
    Thanks for your howto. it helped me a lot.
    wengi
    Last edited by wengi; 04-04-2007 at 08:20.

Similar Threads

  1. Replies: 3
    Last Post: 01-11-2014, 14:16
  2. possibility of using ts2 on that box?
    By asimeman in forum WL-700g Firmware Discussion
    Replies: 2
    Last Post: 08-09-2006, 13:08
  3. Can't get dropbear to keep the keys
    By mirco in forum WL-500g Q&A
    Replies: 6
    Last Post: 13-09-2004, 15:23

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •