Ssh no password from router to laptop no longer works

I installed 23.05.0-rc3 r23389-5deed175a5 on my Ubiquiti EdgeRouter X (was on 22.03.5) .
I had previously extracted the public portion of dropbears dropbear_rsa_host_key and inserted it into my Linux laptop's authorized keyfile. I was then able to ssh to the laptop with no password.
After this upgrade it now asks for a password(the laptop) .I verified the public portion of dropbears dropbear_rsa_host_key hasn't changed .
I tested my other 2 openwrt devices still on 22.03.5 and they still work .

What have I missed ?

I think your router's host key be in the client's .ssh/known_hosts, which suppresses the initial "unknown host, do you trust it?" message. You should take the client-side file and put that on the router in /etc/dropbear/authorized_keys to complete the connection.

Edit: assuming you're using rsa, otherwise for some value of xxx....

That was done previously and is why I can ssh to the router from the laptop without issue . Its ssh'ing from the router to the laptop that no longer works

Ok, that's weird. Try ssh -v laptop and see what it tells you? Add more -vs as needed. Usually that gives you enough info to see where it's falling down.

[And I can't go without saying I'd be somewhat concerned about storing credentials for client devices on my edge device, it's not very good security practice.]

dropbear ssh does not have a "-v" option , I tried that

Why not run dropbearkey -t rsa -f ~/.ssh/id_dropbear and paste the public key into the laptop’s authorized_keys file?

Or specify the keyfile:

ssh -i /etc/dropbear/dropbear_rsa_host_key user@laptop

So doing that 'fixed' it though it does not explain what changed on 23.05-rc3 that necessitated doing this .

Were there any logs on the laptop’s SSH server? Maybe the dropbear update between releases became more stringent in some manner.

Put in your backup config both /root/.ssh/known_hosts and your key Ex. /etc/dropbear_host_ed25519_key to persist upgrades.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.