[Solved] Can't SSH to router with key

Hi!

I flashed today my new Asus RT-AC85P router.

I copied my public key to the router with the command: ssh-copy-id root@192.168.XX.XXX
But when i try to connetct with ssh, it prompts formy password.
Here are the last lines from the output with ssh -vvv root@192.168.XX.XXX:

debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/fricsz/.ssh/id_ecdsa ECDSA SHA256:3zH1fGDilBbj2xKkC4h9N03KdAhG9Sf4qLwk30cBCKE agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/XX/.ssh/id_rsa
debug3: no such identity: /home/XX/.ssh/id_rsa: No such file or directory
debug1: Trying private key: /home/XX/.ssh/id_dsa
debug3: no such identity: /home/XX/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/XX/.ssh/id_ecdsa_sk
debug3: no such identity: /home/XX/.ssh/id_ecdsa_sk: No such file or directory
debug1: Trying private key: /home/XX/.ssh/id_ed25519
debug3: no such identity: /home/XX/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/XX/.ssh/id_ed25519_sk
debug3: no such identity: /home/XX/.ssh/id_ed25519_sk: No such file or directory
debug1: Trying private key: /home/XX/.ssh/id_xmss
debug3: no such identity: /home/XX/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

I have id_ecdsa.pub in /home/XX/.ssh directory, but it serches id_ecda_sk. I can ssh with my key to my rpi-s and to cloud servers.

I copied over Luci my public key too, but nothing changed.

Please, help, what did i wrong.

The SSH server in OpenWrt (dropbear) does not use keys in the home directory, which is what ssh-copy-id tries to do automatically. Instead install the public key in /etc/dropbear/authorized_keys. The LuCI page should do that.

On your client, explicitly specify the private key with ssh -i privatekeyfile ...

1 Like

Thanks for your quick reply.
The public key is in /etc/dropbear/authorized_keys, if i try with command ssh -i path/to/privatekeyfile root@192.168.XX.XXX i got following:

debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/fXX/.ssh/id_ecdsa ECDSA SHA256:3zH1fGDilBbj2xKkC4h9N03KdAhG9Sf4qLwk30cBCKE explicit agent
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

I tried chmod 755 -R /etc/dropbear/ , but nothing changed.

In the end it was solved that i generated a new key-pair, 3072-bit RSA. Copied this .pub file to /etc/dropbear/authorized_keys, and now i can ssh without password. With id_ecdsa it not woks for me.

Thanks for your help!

1 Like

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.