OpenWrt Forum Archive

Topic: private and public key between my openwrt and linux computer

The content of this topic has been archived on 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

I already posted a few weeks ago about this.

In fact, I'd like to set up a private/public key system between my OpenWrt and Debian on a Linux computer.

I'd like that from my openwrt, if I do:
ssh thierry@private_ip__of_debian

it logs in to the SSH server on Debian without asking me for a password.

I tried to generate keys with ssh-keygen, but this command isn't there in OpenWrt, even with the OpenSSH client installed:

root@OpenWrt:~# ipkg list_installed|grep "ssh"
openssh-client - 4.0p1-1 - OpenSSH client
openssh-client-utils - 4.0p1-1 - OpenSSH client utilities

So afterwards, if I manage to generate a key pair from OpenWrt, I will have to copy the public key to my Debian, and it will work, I think.

To be precise, I want to connect from OpenWrt to my Debian, and not the other way around...

I use the default SSH server of OpenWrt, which is dropbear.

Can I keep it to do that? Or is it recommended to install the OpenSSH server instead of dropbear?

And if I have to do that, is it simple, in case of problems, to reinstall dropbear with my initial configuration?

Thanks a lot :-)

Um... I'm not exactly sure about this one, but I think you could generate the keypair on your deb box and copy the private key to your wrt.

Ok,
I'll try :-)

Thanks.

The following from the Dropbear README file might help you:


Server public key auth:

You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
the key entries in that file. They should be of the form:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname

You must make sure that ~/.ssh, and the key file, are only writable by the
user.

NOTE: Dropbear ignores authorized_keys options such as those described in the
OpenSSH sshd manpage, and will not allow a login for these keys.

============================================================================

Client public key auth:

Dropbear can do public key auth as a client, but you will have to convert
OpenSSH style keys to Dropbear format, or use dropbearkey to create them.

If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:

dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
dbclient -i ~/.ssh/id_rsa.db <hostname>

Currently encrypted keys aren't supported, neither is agent forwarding. At some
stage both hopefully will be.

Hello

I had the same problem accessing the OpenWrt from a NetBSD box with a public key.

When using Dropbear as a server with public keys, Dropbear checks that $HOME, $HOME/.ssh
and $HOME/.ssh/authorized_keys are not writable by the group or others. The problem is that
the directory /tmp (home for root) is 0777 because it should be writable by dnsmasq (running
as nobody).

Solving the problem :
    Change $HOME for root in /etc/passwd
    or
    Patch svr-authpubkey.c (lines 284-286)

I don't know which is the better solution; I'm trying the second (in RC3)

Marc
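
The permission condition described in the post above can be checked before changing /etc/passwd or patching anything. The script below is an added example, not part of the original posts and not Dropbear's own code; the function names, output format and exit codes are this example's own, and it assumes an `ls` that supports `-L`.

```shell
#!/bin/sh
# Added example: audit the three paths the post says Dropbear checks
# ($HOME, $HOME/.ssh, $HOME/.ssh/authorized_keys) for group/other write bits.
# Function names and return codes are hypothetical, chosen for this example.

# Return 0 if the path is writable by group or others, 1 if not, 2 if missing.
loosely_writable() {
    [ -e "$1" ] || return 2
    # ls -ldL prints e.g. "drwxrwxrwt ..."; -L follows symlinks as stat(2) does.
    perms=$(ls -ldL -- "$1") || return 2
    case "$perms" in
        ?????w*|????????w*) return 0 ;;  # char 6 = group write, char 9 = other write
    esac
    return 1
}

# Print one line per path; return non-zero if any path would block key auth.
check_pubkey_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        rc=0
        loosely_writable "$p" || rc=$?
        case $rc in
            0) echo "FAIL $p is writable by group or others"; bad=1 ;;
            1) echo "ok   $p" ;;
            *) echo "MISS $p does not exist"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Usage: sh check_perms.sh /path/to/home   (e.g. root's home from /etc/passwd)
if [ $# -gt 0 ]; then
    check_pubkey_perms "$1"
fi
```

A home directory with mode 0777 or 1777, such as /tmp, is reported as FAIL even when .ssh and authorized_keys themselves are locked down.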

The discussion might have continued from here.