I installed 23.05.0-rc3 r23389-5deed175a5 on my Ubiquiti EdgeRouter X (was on 22.03.5) .
I had previously extracted the public portion of dropbears dropbear_rsa_host_key and inserted it into my Linux laptop's authorized keyfile. I was then able to ssh to the laptop with no password.
After this upgrade it now asks for a password(the laptop) .I verified the public portion of dropbears dropbear_rsa_host_key hasn't changed .
I tested my other 2 openwrt devices still on 22.03.5 and they still work .
What have I missed ?
I think your router's host key be in the client's
.ssh/known_hosts, which suppresses the initial "unknown host, do you trust it?" message. You should take the client-side
id_rsa.pub file and put that on the router in
/etc/dropbear/authorized_keys to complete the connection.
Edit: assuming you're using rsa, otherwise
id_xxx.pub for some value of
That was done previously and is why I can ssh to the router from the laptop without issue . Its ssh'ing from the router to the laptop that no longer works
Ok, that's weird. Try
ssh -v laptop and see what it tells you? Add more
-vs as needed. Usually that gives you enough info to see where it's falling down.
[And I can't go without saying I'd be somewhat concerned about storing credentials for client devices on my edge device, it's not very good security practice.]
dropbear ssh does not have a "-v" option , I tried that
Why not run
dropbearkey -t rsa -f ~/.ssh/id_dropbear and paste the public key into the laptop’s
Or specify the keyfile:
ssh -i /etc/dropbear/dropbear_rsa_host_key user@laptop
So doing that 'fixed' it though it does not explain what changed on 23.05-rc3 that necessitated doing this .
Were there any logs on the laptop’s SSH server? Maybe the dropbear update between releases became more stringent in some manner.
Put in your backup config both
/root/.ssh/known_hosts and your key Ex.
/etc/dropbear_host_ed25519_key to persist upgrades.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.