ErwinL
November 19, 2017, 4:30pm
1
I need my wlan-router to auto-login at startup to another host via SSH.
( https://www.studentenwerk-leipzig.de/sites/default/files/media/files/use_of_wireless_routers_and_mobile_devices_in_studnet.pdf )
Usually the Dropbear SSH client (dbclient) allows you to specify the password through an environment variable.
https://www.dd-wrt.com/wiki/index.php/SSH#Automatic_Login_.28for_shell_scripts.29
My custom router startup script works fine with dd-wrt versions until april of 2015.
while true
do
DROPBEAR_PASSWORD='passwod' ssh -y username@ip.of.remote.host
sleep 5
done
In future versions the script stops at password login.
Unfortunately there is no dd-wrt version from before april of 2015 for my new router (TL-WR710N(EU) V 1.2).
Thus I installed openwrt 15.05.1
and tried from routers command line:
DROPBEAR_PASSWORD='passwod' ssh -y username@ip.of.remote.host
to check, if auto login to remote host works. But I'm asked for password. That means, there is the same problem with variable handling as in recent versions of dd-wrt.
Then I installed LEDE 17.01.4 and there is the same problem.
Can anyone confirm, that automatic password login to remote host by DROPBEAR_PASSWORD variable doesn't work?
Regards,
ErwinL
ErwinL
November 20, 2017, 4:01pm
2
Am 20.11.2017 um 16:44 schrieb Matt Johnston:
OK, it looks like they're deliberately disabling it.
https://github.com/lede-project/source/blob/master/package/network/services/dropbear/patches/120-openwrt_options.patch#L77
I guess add that to the LEDE bug. I'd be surprised it if
made any real difference to binary size.
Cheers,
Matt
Can you login using key authentication?
ErwinL
November 20, 2017, 5:32pm
4
No, I can't because the remote host is not under my control. The remote host is the internet access control server of my internet provider. The internet provider demands authentication by username/password.
Perhaps you could try with other SSH client: "openssh-client" seems to be available in the LEDE repos; perhaps it can do user-based authentication.
ErwinL
November 20, 2017, 7:21pm
6
Perhaps there could be a solution for my problem, but I don't have enough knowledge to understand this
https://www.exratione.com/2014/08/bash-script-ssh-automation-without-a-password-prompt/
Is there a special reason why the DROPBEAR_PASSWORD option is disabled in LEDE?
Per
November 20, 2017, 7:52pm
7
Try adding this to the init script before the loop (untested):
echo '#!/bin/sh' > /tmp/printpw
echo 'echo password' > /tmp/printpw
chmod +x /tmp/printpw
and then log in like this:
SSH_ASKPASS=/tmp/printpw ssh -y username@ip.of.remote.host
Replace password with the actual password.
ErwinL
November 20, 2017, 8:13pm
8
If I try
SSH_ASKPASS='password' ssh -y username@ip.of.remote.host
from routers commandline, then remote host still asks for password.
Per
November 20, 2017, 8:39pm
9
Yes, because 'password' is not a script so it fails.
ErwinL
November 20, 2017, 9:04pm
10
root@LEDE:~# echo '#!/bin/sh'>/tmp/printpw
root@LEDE:~# echo 'echo mypwd'>>/tmp/printpw
root@LEDE:~# chmod +x /tmp/printpw
root@LEDE:~# SSH_ASKPASS=/tmp/printpw ssh -y root@192.168.1.21
ssh:
Host '192.168.1.21' key accepted unconditionally.
(ssh-rsa fingerprint md5 17:83:d5:f7:0e:b6:d2:40:5a:db:25:a5:53:2a:3e:6d)
root@192.168.1.21's password:
ends with password prompt too.
I'm surprised that a school would allow students to log in to one of their servers as "root"...
ErwinL
November 20, 2017, 9:37pm
12
I'm testing at home and the remote host is my NAS.
At students hostel my username is not root.
mk24
November 20, 2017, 9:48pm
13
Perhaps this can be done by installing openssh-client (memory permitting) and using it instead of dropbear.
For security reasons, I can see why root would not allow auto logins.
You may need to set up an account that has similar permissions as your student username in order to test.
ErwinL
November 20, 2017, 9:53pm
15
My NAS allows password login for root.
The router with old dd-wrt version, with DROPBEAR_PASSWORD option, does auto login for root in my testing environment at home. And works at student hostel too.
But not anymore, and probably for good reason.
ErwinL
November 20, 2017, 10:09pm
17
My TL-WR710N V1.2 has 8MB Flash and 32MB Ram. Is this sufficient to install openssh-client?
How do I install openssh-client?
ErwinL
November 20, 2017, 10:13pm
18
The problem is not, that the user is "root", but the DROPBEAR_PASSWORD option is disabled.
Per
November 20, 2017, 10:23pm
19
Seems SSH_ASKPASS is for getting a passphrase and not a password, so it won't work that way
ErwinL
November 20, 2017, 10:33pm
20