Pubkey auth between OpenWrt routers doesn't work

Ahoy friends.
I am currently running 2 OpenWrt devices in a VRRP cluster, and both should exchange the dhcp.leases files with each other, using scp and pubkey auth.
Unfortunately, it's not working properly.
I have added the ECDSA pubkey of each other in the /etc/dropbear/authorized_keys file. Unfortunately I'm still being prompted for a password when I try to connect from one OpenWrt device to the other one.
Pubkey auth from clients to the OpenWrt devices works fine, but not to each other.
Is it some limitation of Dropbear? Unfortunately there is no verbose output for the built-in SSH command, so I can't troubleshoot properly.
Do I need OpenSSH maybe on the OpenWrt device to accomplish this task?

I hope someone can help me in this case.

Works for me with Dropbear and Ed25519:
Enable all (main + secondary AP) Guest wifi radios from main router - #7 by vgaetera

Have you got some suggestion on how to troubleshoot this issue?

Upgrade both devices to the latest stable OpenWrt release, and then try to run the linked code.

Thanks a lot, that's what I've tried.
Both have been compiled today with 21.02 branch.

On Router 2, 172.20.32.3 --> Connecting to 172.20.32.2, Router 1:

root@OpenWrt:~# SSH_USER="root"
root@OpenWrt:~# SSH_HOST="172.20.32.2"
root@OpenWrt:~# SSH_KEY="/etc/dropbear/dropbear_ed25519_host_key"
root@OpenWrt:~# SSH_CMD="tee -a /etc/dropbear/authorized_keys"
root@OpenWrt:~# dropbearkey -y -f "${SSH_KEY}" \
> | grep -o -e "^ssh-.*" \
> | ssh "${SSH_USER}"@"${SSH_HOST}" "${SSH_CMD}"
root@172.20.32.2's password: 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8WGDkIEjD8mUh3bXGqygMhHDlX25vw3oZeqGLw46F7 root@OpenWrt
root@OpenWrt:~# 


On Router 1, 172.20.32.2 --> Connecting to 172.20.32.3, Router 2:

root@OpenWrt:~# SSH_USER="root"
root@OpenWrt:~# SSH_HOST="172.20.32.3"
root@OpenWrt:~# SSH_KEY="/etc/dropbear/dropbear_ed25519_host_key"
root@OpenWrt:~# SSH_CMD="tee -a /etc/dropbear/authorized_keys"
root@OpenWrt:~# dropbearkey -y -f "${SSH_KEY}" \
> | grep -o -e "^ssh-.*" \
> | ssh "${SSH_USER}"@"${SSH_HOST}" "${SSH_CMD}"

Host '172.20.32.3' is not in the trusted hosts file.
(ssh-ed25519 fingerprint sha1!! b5:5d:5e:53:83:62:73:ba:a5:03:eb:42:89:c2:33:77:14:7f:ea:5a)
Do you want to continue connecting? (y/n) y
root@172.20.32.3's password: 
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXndc1hwuH4BbbBKWTMCsAFEpHbz4c9gA2ZHBtSH5Jx root@OpenWrt

Unfortunately still prompting for a password on both sides.

root@OpenWrt:~# ssh root@172.20.32.3
root@172.20.32.3's password: 


My keys are not confidential, and for testing use, so they are not omitted.

You must explicitly specify the private key:

ssh -i "${SSH_KEY}" "${SSH_USER}"@"${SSH_HOST}"

Oh friend, this works haha, I'm really sorry, I'm massively used to OpenSSH and its behaviour, so it was something new for me! Thanks a lot!
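
Since the built-in client gives no verbose output, here is a server-side check for the setup in this thread: it tests whether a public key line, as printed by the dropbearkey pipeline above, is really listed in the accepting router's /etc/dropbear/authorized_keys. This is an added example, not code from the thread; the function names and the script name check_key.sh are hypothetical, and the permission rule is upstream Dropbear behaviour that the thread does not mention.

```shell
#!/bin/sh
# Added example (constructed); run on the router that should ACCEPT the key.

# key_in_authorized_keys PUBKEY_LINE AUTH_FILE
# 0 = key type + base64 blob found, 1 = not found,
# 2 = file unreadable, 3 = PUBKEY_LINE malformed.
# Leading options and the trailing comment (root@OpenWrt) are ignored.
key_in_authorized_keys() {
    [ -r "$2" ] || return 2
    awk -v want="$1" '
        BEGIN { if (split(want, w, " ") < 2) { bad = 1; exit } }
        /^[ \t]*#/ { next }                      # skip commented-out keys
        {
            for (i = 1; i < NF; i++)
                if ($i == w[1] && $(i + 1) == w[2]) { found = 1; exit }
        }
        END { if (bad) exit 3; exit (found ? 0 : 1) }
    ' "$2"
}

# perms_ok PATH
# 0 = not writable by group/others, 1 = too permissive, 2 = cannot stat.
# Assumption from upstream Dropbear behaviour: the server ignores an
# authorized_keys file (or its directory) that group/others can write to.
perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    case "$mode" in
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# Usage on the accepting router, with the line printed on the peer by
#   dropbearkey -y -f /etc/dropbear/dropbear_ed25519_host_key | grep -o -e "^ssh-.*"
#   sh check_key.sh "ssh-ed25519 AAAA... root@OpenWrt"
# (check_key.sh is a hypothetical file name for this script.)
if [ "$#" -eq 1 ]; then
    auth=/etc/dropbear/authorized_keys
    key_in_authorized_keys "$1" "$auth" && echo "key listed in $auth" \
        || echo "key NOT listed in $auth"
    perms_ok /etc/dropbear && perms_ok "$auth" || echo "permissions too open"
fi
```

If both checks pass and the client is still asked for a password, the server side is in order and the client is not offering the key, which is the case the `-i` option resolves above.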
