SSH Key Copy Issue - Permission Denied on /etc/dropbear/authorized_keys

palamos · 2025-04-19T06:50:31.773Z

I'm encountering a "Permission denied" error when trying to use ssh-copy-id to set up key-based authentication on a remote device (IP address 192.168.1.1). The specific error message is:

> ssh-copy-id user@192.168.1.1

sh: can't create /etc/dropbear/authorized_keys: Permission denied

I've already taken the following steps on the remote device to prepare it for SSH access:

opkg update
opkg install shadow

useradd user
passwd user

groupadd ssh
usermod -aG ssh user

mkdir /home
cd /home/
mkdir user

chown user:user /home/user
chmod 755 /home/user

cd /etc/config/
nano dropbear


# Configuration in /etc/config/dropbear:
# config dropbear main
#         option enable '1'
#         option PasswordAuth 'on'
#         option RootPasswordAuth 'on'
#         option Port           '22'
#         option PubkeyAuth 'on'
# #       option BannerFile   '/etc/banner'

usermod -s /bin/sh user

service dropbear restart

From my understanding, ssh-copy-id attempts to create or append to the authorized_keys file, which in this case seems to be located at /etc/dropbear/authorized_keys (the default for Dropbear).

The "Permission denied" error suggests that the user I'm trying to SSH in as (user) doesn't have the necessary write permissions to this directory or file.

Could anyone shed some light (with a step-by-step solution) on why this might be happening, given the steps I've taken?

Are there specific permissions I might have overlooked on the /etc/dropbear/ directory itself, or is there a different location where Dropbear might be expecting the authorized_keys file?

Note I want to keep my pub RSA key which I generated with openSSH for other machines.

Any insights or suggestions on how to resolve this would be greatly appreciated.

Thanks in advance.

elbertmai · 2025-04-19T08:32:25.258Z

palamos:

Could anyone shed some light (with a step-by-step solution) on why this might be happening, given the steps I've taken?

Each user has their own authorized_keys file. The /etc/dropbear/authorized_keys file is for the root user and can only be written to by root. This has to be the case, since allowing one user to modify another user's authorized_keys is a huge security hole.

palamos:

is there a different location where Dropbear might be expecting the authorized_keys file?

The authorized_keys file for your user user should be at /home/user/.ssh/authorized_keys. I'm not sure why ssh-copy-id is appending to the wrong file. Does it work if you log in as user and manually add your key to ~/.ssh/authorized_keys?

palamos · 2025-04-19T08:55:47.242Z

elbertmai:

The authorized_keys file for your user user should be at /home/user/.ssh/authorized_keys. I'm not sure why ssh-copy-id is appending to the wrong file. Does it work if you log in as user and manually add your key to ~/.ssh/authorized_keys?

Indeed, I manually created the ~/.ssh/authorized_keys and copied into it my public key.pub. It works.