OpenWrt Forum Archive

Topic: Dropbear PublicKey Authentication for multiuser setup

The content of this topic has been archived on 21 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have successfully added a new user in /etc/passwd with a group in /etc/group and assigned a password.

I can login with that user with ssh - but only with password.

I have createt id_dsa.pub, id_dsa and added id_dsa.pub to authorized_keys in /home/user/.ssh  - and places id_dsa on my client.

- But I am asked for password every time I try to login. If I add the same key to /etc/dropbear/authorized_keys, I can login without password as both user and root.

I am using the system as a sort of rsnapshot based remote backup - so I really need a passwordless solution.

/Thomas

It seems that "$HOME/.ssh/authorized_keys" isn't enabled/compiled? in whiterussian's dropbear (I could not make it work).

My skirting solution for a similar problem (enable WAN access for port forwarding by user only) was to create a second dropbear instance (on a different port) with root and password login disabled (hence limited to the ONLY other user I configured).

I just added the following command to the "/etc/init.d/S*dropbear" script :
/usr/sbin/dropbear -p 2222 -s -w

The access restriction is done by firewalling (port 22 is only accessible from LAN, 2222 from WAN).

The global authorized_keys remains in "/etc/dropbear" ...

Hope this helps.

(Last edited by ylav0 on 2 Nov 2006, 18:03)

I can confirm, that dropbear uses authorized keys for normal users located in ~/.ssh/authorized_keys in WhiteRussian RC6

Yeap, same here, must use ~/.ssh/authorized_keys.

Thanks.

The discussion might have continued from here.