Help - Need to do passwordless SSH login from OpenWrt Router A to OpenWrt Router B

Had no knowledge of public / private keys prior to this. But did some reading and I am not even sure if I get the concept right....

What I understand is that, for SSH clients to log in passwordless to an SSH server, in preparation the server (which holds the one and only private key) will generate the public key and then distribute this public key to whichever client wants to connect to it anytime in the future.

Assuming I have the concept right (which I am not even certain about), I tried the following but it doesn't seem to work:

  1. I made an assumption that my OpenWrt Router B (i.e. the SSH server) already has its own unique private key somehow during firmware installation, as I can see this file called 'dropbear_rsa_host_key' in /etc/dropbear

  2. I enter this command in Router B's command line to generate the public key intended for Router A: dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key

  3. I then copy the "Public Key Portion" of the output, and paste it on Router A's LUCI -> System -> Administration -> SSH-Keys screen to add the public key to Router A

  4. From Router A, I then try to ssh to router B via command line: ssh root@192.168.x.x

  5. I still get prompted for the password.

Yup I think it is evident I am totally clueless on SSH key-based connections (and public / private keys in general) and I am probably doing something terribly wrong here. Could anyone help me to make this work?

Cheers !!

Read this before posting, but too dumb to apply the info to my specific problem. And the whole article is confusing to me.

e.g. "read your public key (it's usually in ~/.ssh/id_rsa.pub on a linux system) and add it to /etc/dropbear/authorized_keys" --> Do I do this at router A or router B? Do I have to generate my public key first? If so how?

e.g. "Add your public key to the router using ssh-copy-id." --> where is ssh-copy-id? I tried typing this command and it doesn't seem to exist in the router.

e.g.
"This is useful if you want to connect with ssh from this device to another device, using public key auth.

dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key"

... And I thought the 'dropbearkey' command used here is for generating the public key for use from ANOTHER device to THIS device.... ???

To me this article caused a lot of confusion. Any help clarifying what I should do would be very much appreciated.

Yes turned out I got the concept wrong.

The SSH client should actually be the one that has the private and public key pair and not the SSH server.

You then pass the SSH client's public key to the SSH server to complete passwordless SSH setup.

And you need to generate the key first at the SSH client OpenWrt router by doing this:

dropbearkey -f ~/.ssh/id_dropbear -t rsa -s 2048

When this command is done, the public key is shown. Just copy that line below the 'Public key portion is:' header then paste it in the SSH server OpenWrt router's LUCI interface.
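The same setup done from the command line instead of LuCI, as an added example that is not part of the original thread. The helper names `extract_pubkey` and `install_pubkey` are hypothetical, and the example assumes Router B's dropbear reads root's keys from /etc/dropbear/authorized_keys (the file named in the article quoted earlier).

```shell
#!/bin/sh
# Added example (not from the thread). Source this file to get two helpers.
#
# On Router A (the SSH client), create the key pair and print the public half:
#   mkdir -p ~/.ssh
#   dropbearkey -f ~/.ssh/id_dropbear -t rsa -s 2048
#   dropbearkey -y -f ~/.ssh/id_dropbear | extract_pubkey
# On Router B (the SSH server), register that one line:
#   install_pubkey 'ssh-rsa AAAA... root@RouterA' /etc/dropbear/authorized_keys
# Back on Router A, log in with the private key, which never leaves Router A:
#   ssh -i ~/.ssh/id_dropbear root@192.168.x.x

# Read `dropbearkey -y` output on stdin and print only the public-key line,
# dropping the "Public key portion is:" header and the "Fingerprint:" line.
extract_pubkey() {
    grep -E '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' |
        head -n 1
}

# Append a public key to an authorized_keys file exactly once.
#   $1 = public-key line, $2 = path to the authorized_keys file
install_pubkey() {
    key=$1
    file=$2
    # Reject anything that is not a single well-formed public-key line,
    # for example a pasted header or fingerprint line.
    if [ "$(printf '%s\n' "$key" | extract_pubkey)" != "$key" ]; then
        echo "install_pubkey: not a public-key line" >&2
        return 1
    fi
    mkdir -p "$(dirname "$file")"
    touch "$file"
    # Keep the file writable by its owner only.
    chmod 600 "$file"
    # -x whole line, -F literal string: do not add the same key twice.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}
```

The key pair in this flow is a client user key created for the purpose; the `dropbear_rsa_host_key` file on each router is the server's host key and is not involved.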
