[SOLVED] Linked Two Routers and Dropbear Passwordless SCP

So I am running into an issue. I have one OpenWRT router as the Master and the other as the client. I can SSH, SCP, etc. between the routers, but I am trying to do it passwordless from Client to Master.
I went through all the search items for Dropbear Passwordless and have not been able to get it to work. The other client is a raspPi connected to the master that has OpenSSH, and it works with no problem. The Dropbear Auth to Dropbear Auth does not seem to be working. Even made all the .ssh directories.

Is there a unique way dropbear keys work, or is this not a possible capability of dropbear?

https://openwrt.org/docs/guide-user/security/dropbear.public-key.auth


Tried that and it did not work; still asking for password between two openwrt instances...

The dropbear client requires the private key file in a special format. Use dropbearconvert to convert it from regular OpenSSH format.


After a couple more hours of searching, still running into issues. Tried via .ssh directory and /etc/dropbear.
Ssh and dbclient both just exit with "string too long"

It seems there is no capability to use dropbear<>dropbear. Only putty/openssl<>dropbear.

How did you create the key?

Using the command dropbearkey ... rsa ... id_rsa as all the tutorials say. Then export with the -y command to make public.

Tried the -i and that's when I get the string too long once I scp it to the other openwrt router.

https://openwrt.org/packages/pkgdata/dropbearconvert



"Exited: String too long"

Just tried again with the dropbearconvert and it is still getting the String error. So for context, the putty is on the computer. I can log into router A with the openSSH pub key I made on A. I am trying to have passwordless login from SSH within A to log into B over the wireless connection.

Am I doing something wrong? Why will the key from B not let A log in without a password? Do I need to disable the password login setting and risk not being able to remotely log in to B?

You can have password and key login enabled at the same time. If your client has a key it will try it first.

The key should be stored in /root/.ssh/id_dropbear. The .ssh directory does not exist by default.

root@OpenWrt:~/# dropbearconvert openssh dropbear ./mykey ./.ssh/id_dropbear
Key is a ssh-rsa key
Wrote key to './.ssh/id_dropbear'
root@OpenWrt:~# ssh root@192.168.30.1

Host '192.168.30.1' is not in the trusted hosts file.
(ssh-rsa fingerprint sha1!! <redacted>)
Do you want to continue connecting? (y/n) y


BusyBox v1.30.1 () built-in shell (ash)
....
root@OpenWrtMain:~# exit
root@OpenWrt:~# scp /etc/config/wireless 192.168.30.1:/root/copyofwireless
wireless                                      100%  555     0.5KB/s   00:00  
root@OpenWrt:~#
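
Added example, not part of any post in this thread: a shell check that tells a Dropbear-format private key from an OpenSSH/PEM private key or a public-key line by its first bytes, which is the distinction the dropbearconvert step above turns on. It assumes Dropbear private key files begin with a 4-byte length followed by the key type name; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify a key file by its leading bytes.
# Assumption: a Dropbear private key starts with a 4-byte big-endian length
# followed by the key type name ("ssh-rsa", "ssh-ed25519", "ecdsa-...").

# Hex of the first $2 bytes of file $1, without separators.
hex_head() { head -c "$2" "$1" | od -An -tx1 | tr -d ' \n'; }

# Print dropbear-private | openssh-private | public-key | unknown.
key_format() {
    case "$(hex_head "$1" 10)" in
        000000??7373682d*|000000??65636473612d) echo dropbear-private ;;
        2d2d2d2d2d424547494e)                   echo openssh-private ;;  # "-----BEGIN"
        7373682d*|65636473612d*)                echo public-key ;;       # "ssh-" / "ecdsa-"
        *)                                      echo unknown ;;
    esac
}

# The length a binary key parser would read from the first four bytes.
# For a text file this is a huge number, which is consistent with the
# "String too long" exit quoted in the thread.
first_len() { printf '%d\n' "0x$(hex_head "$1" 4)"; }

# One-line advice per format, using the command shown in the post above.
advise() {
    case "$(key_format "$1")" in
        dropbear-private) echo "ok: usable as ~/.ssh/id_dropbear or with dbclient -i" ;;
        openssh-private)  echo "convert: dropbearconvert openssh dropbear $1 ~/.ssh/id_dropbear" ;;
        public-key)       echo "public half: goes in the server's authorized_keys, not -i" ;;
        *)                echo "unrecognized key file" ;;
    esac
}

# Constructed sample files (not real keys): only the leading bytes matter.
demo() {
    d=$(mktemp -d)
    printf '\000\000\000\007ssh-rsa\000\000\000\003' > "$d/id_dropbear"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/mykey"
    printf '%s\n' 'ssh-rsa CONSTRUCTED-NOT-A-KEY root@OpenWrt' > "$d/mykey.pub"
    for f in id_dropbear mykey mykey.pub; do
        echo "$f: $(key_format "$d/$f") (first length $(first_len "$d/$f"))"
        echo "  $(advise "$d/$f")"
    done
    rm -rf "$d"
}
demo
```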

If the key has been generated with dropbearkey, why is dropbearconvert still needed?
