How to use something like ~/.ssh/config

Let's assume we have to copy files regularly via scripts between 3 OpenWrt devices. And to make it less secure, but easier here: use root as user on every device.
On regular Linux systems I would create some public keys and a ~/.ssh/config file like this:

```
Host MyDevice1
    User root
    HostName 192.168.1.11
    IdentityFile ~/.ssh/id_mydevice_1.key

Host MyDevice2
    User root
    HostName 192.168.1.12
    IdentityFile ~/.ssh/id_mydevice_2.key
```

The config file would avoid having to type the name of the identity file every time I want to use ssh, scp, rsync, ...
And of course if I would like to change the key (or key filename) I only have to change the config file.

```
scp -i /root/.ssh/id_mydevice_1.key /tmp/something root@192.168.1.11:/tmp/.
```

would change to

```
scp /tmp/something MyDevice1:/tmp/.
```

Creating the public keys is easy. https://openwrt.org/docs/guide-user/security/dropbear.public-key.auth#generating_public_and_private_keys

The wiki says:

By default Dropbear reads `~/.ssh/id_dropbear` so putting the private key there may avoid the need to create an SSH configuration file.

But there is no hint how to use a configuration file with multiple identities on OpenWrt with default dropbear.
I'm lost, since creating a config file /root/.ssh/config does not change anything ...

Are you using "real" ssh (openssh-client package, I guess) as client, or dropbear?

I'm using the default: Dropbear

Even though it's for Merlin, this might be helpful: https://www.snbforums.com/threads/solution-asuswrt-merlin-dropbear-ssh-key-based-auth-to-from-aimesh-nodes-workstations-tutorial.74169/

Dropbear is only an ssh server. For the client you need to install openssh-client, and then all client-side configs will work.

Ok, but then the wiki is misleading.

By default Dropbear reads `~/.ssh/id_dropbear` so putting the private key there may avoid the need to create an SSH configuration file.

If no config file is supported at all, you can't avoid anything. It is simply useless to create such a config file.

By specifying ~/.ssh/id_dropbear you can only avoid entering the -i parameter, when using this key file.

==> the wiki should be improved

@wiki-account please create an account for @fow0ryl, so he can update the dropbear page.

dropbear also comes with dbclient, a small ssh client (symlinked to ssh).
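
The thread starts from a client that ignores /root/.ssh/config. One way to keep the alias-to-key mapping in a single file anyway is a small wrapper that parses the same Host/User/HostName/IdentityFile subset and expands it into the explicit `scp -i` call from the first post, refusing key files that are accessible to group or others. This is an added example, not code from the thread or from Dropbear/OpenWrt; the function names, the `SCP` override variable and the demo files are assumptions.

```shell
#!/bin/sh
# Added example: per-host identities for a client that reads no config file.
# Function names and the demo files below are constructed for illustration.

# resolve_alias CFG ALIAS -> prints "KEY USER HOST"; fails if the alias is
# unknown or any of the three fields is missing (fail closed).
resolve_alias() {
    awk -v want="$2" -v home="$HOME" '
        tolower($1) == "host"         { active = ($2 == want); next }
        !active                       { next }
        tolower($1) == "user"         { user = $2 }
        tolower($1) == "hostname"     { host = $2 }
        tolower($1) == "identityfile" { key = $2 }
        END {
            if (substr(key, 1, 2) == "~/") key = home substr(key, 2)
            if (key == "" || user == "" || host == "") exit 1
            print key, user, host
        }' "$1"
}

# key_is_private FILE -> true only for a regular file with no group/other bits.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# alias_scp CFG ALIAS SRC DEST -> copies SRC to DEST on the aliased host.
# Set SCP=echo to print the resulting arguments instead of running scp.
alias_scp() {
    resolved=$(resolve_alias "$1" "$2") || { echo "unknown alias: $2" >&2; return 1; }
    set -- $resolved "$3" "$4"    # positional parameters are now KEY USER HOST SRC DEST
    key_is_private "$1" || { echo "refusing key $1: missing or group/world accessible" >&2; return 2; }
    ${SCP:-scp} -i "$1" "$4" "$2@$3:$5"
}

# Demo on constructed files: show the arguments for MyDevice1 without connecting.
demo() {
    d=$(mktemp -d) && touch "$d/id_mydevice_1.key" && chmod 600 "$d/id_mydevice_1.key"
    printf 'Host MyDevice1\n    User root\n    HostName 192.168.1.11\n    IdentityFile %s\n' \
        "$d/id_mydevice_1.key" > "$d/hosts.conf"
    ( SCP=echo; alias_scp "$d/hosts.conf" MyDevice1 /tmp/something /tmp/. )
    rm -rf "$d"
}
demo
```

Values containing spaces and wildcard `Host` patterns are outside the subset this parser handles.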