Topic: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

Hi,
I am trying to login to my router by public key auth.
The key was generated with puttygen and my router is an Asus WL-500g Deluxe with Kamikaze (Kernel 2.4).
Up to now I tried all solutions made for White Russian but up to now, I was not able to add my public key to the router's authorized keys.
Tried to copy the key to /etc/dropbear/authorized_keys -> Did not work
Tried to copy the key to /var/.ssh/authorized_keys -> Did not work (and yes, I know var will be deleted on router reboot (well at least I think so since it is also /tmp which will be erased due to being a RAM disk))
Also tried to generate the key with dropbearkey but still it does not work.

How do I make the key known to the router?
Is there even a way to not have to type "root" every time on login? I mean, root is supposed to be the only user on the system (besides the system itself) so there would be no need to type it every time.

With best regards and terrible english
p90

2 (edited by MMCM 2007-06-27 14:18:28)

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

putty, openssh and dropbear use different formats for private and public keys.
Generate your private key with puttygen (save it for use with putty), export as openssh format with puttygen and use dropbearconvert to convert from openssh to dropbear format. Then use dropbearkey -y -f ... to print the public key.
Add the public key to /etc/dropbear/authorized_keys on the router.
Works fine for me.

Edit: I tried to paste the contents of the public key for openssh field in puttygen into the /etc/dropbear/authorized_keys file on the router, and it worked, without all that conversion stuff :-)
Maybe you forgot to specify root as the login name in putty (Connection - Data - Auto-login username)?

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

hm,
generated a new key with putty (SSH-2RSA), copied the publickey to the router, made a cat pub.key>authorized_keys
Made a reboot.
Still putty says: Server refused our key
But was able to fix the root thing. Had really forgotten to place the "root" in local username and so on.

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

wow, this looks easy I want to try -- thought Joska
not working yet? let's put the password auth to off

result:
Can I connect with ssh to router? -- NO
telnet? -- NO

I will try the failsafe when I will have to change a setting until that the configuration is well preserved -- no access to the router ;-)

Asus WL-500G Deluxe - OpenWrt Kamikaze 8.09.2-RC2

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

zsjoska wrote:

wow, this looks easy I want to try -- thought Joska
not working yet? let's put the password auth to off

result:
Can I connect with ssh to router? -- NO
telnet? -- NO

I will try the failsafe when I will have to change a setting until that the configuration is well preserved -- no access to the router ;-)

Well, I do not get the meaning of your post.
Up to now, I haven't had such a problem in any way, so what did you try to tell me?

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

p90 wrote:

hm,
generated a new key with putty (SSH-2RSA), copied the publickey to the router, made a cat pub.key>authorized_keys
Made a reboot.
Still putty says: Server refused our key
But was able to fix the root thing. Had really forgotten to place the "root" in local username and so on.

Is the public key in openssh format? Dropbear will work with openssh keys.

7 (edited by forum2006 2007-06-28 23:14:56)

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

1. Create a public key in OpenSSH format, copy to /etc/dropbear/authorized_keys and make sure it works.

2. Disable password auth for Dropbear with UCI
uci set dropbear.cfg1.PasswordAuth=off

3. If you are sure, commit the UCI configuration
uci commit dropbear

4. Restart Dropbear
/etc/init.d/dropbear restart

Now Dropbear no longer accepts password logins.

Tested with SecureCRT and works fine.

1x ASUS WL-700g Encore (Kamikaze 7.09, BCM947xx//953xx [2.4])
1x ASUS WL-500g Premium with Wistron CM9 WiFi card (Kamikaze 7.09, BCM947xx//953xx [2.4])
1x Linksys WRT54GL v1.1 with 512MB MMC card mod, optimized MMC driver (Kamikaze trunk r9548, BCM947xx//953xx [2.4])
NO support via PM.

8 (edited by p90 2007-07-08 02:22:07)

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

Hi,
ok, retested it and it still does not work.
It's always like this:
Using username "root".
Server refused our key
root@192.168.0.1's password:
(as mentioned before, password auth is still active since public key does not work)
@placebo:
Well, I do not know if it is an OpenSSH key. How can I look it up?
But since you said it must be an OpenSSH key I tried a key generated by https://www.lagmonster.org/cgi-bin/keygen.cgi which claims to generate openssh keys but still it did not work
Also the wiki says that puttygen should be used for key generation so I think it should normally work.

@forum2006
Well, point 1 does not work so no need to deactivate the password auth.

[EDIT]
I retried all steps, but this time I used Linux to generate the key.
And guess what?
It works like a charm!!
So it was really a prob of puttykeygen.
I really have to thank all of you for your help!

9 (edited by cak 2008-11-24 02:46:59)

Re: Public Key Auth with dropbear and Kamikaze (Kernel 2.4)

I'm trying to go down this path, using the VanDyke SecureCRT client on Windows. It generates public keys that look like

---- BEGIN SSH2 PUBLIC KEY ----
Subject: cak
Comment: "cak@Boris"
ModBitSize: 1024
---- END SSH2 PUBLIC KEY ----

I tried deleting everything except the key itself and pre-pending "ssh-dsa", I got rid of the ^M characters, but no joy. Is there some sort of dropbear debugging log that I can get at?

[EDIT]

Oho! The SecureCRT help file told me what to do...

ssh-keygen -i -f Identity.pub > authorized_key

I did this on another unix box, then copied the key to the WRT, and it worked like a charm. Now I used the techniques in

http://forum.openwrt.org/viewtopic.php?id=11957 and http://wiki.openwrt.org/DropbearPublicK … ationHowto

to make this remote box accessible in an emergency :-)
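
Added example, not part of the thread and not code from any poster, dropbear or OpenSSH: a small Python sketch of the conversion that `ssh-keygen -i` performs on an `---- BEGIN SSH2 PUBLIC KEY ----` block, plus a check that an authorized_keys line is a single `<type> <base64> [comment]` line whose type prefix matches the algorithm name stored inside the key blob. The function names are hypothetical, the sample key is constructed and meaningless, and the check assumes the line carries no options field before the key type.

```python
import base64
import struct

def blob_key_type(blob: bytes) -> str:
    """Algorithm name stored as the first length-prefixed string of a key blob."""
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(text: str) -> str:
    """Turn a '---- BEGIN SSH2 PUBLIC KEY ----' block into one authorized_keys line."""
    lines = [l.strip() for l in text.replace("\r", "").split("\n") if l.strip()]
    if (len(lines) < 3 or lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----"
            or lines[-1] != "---- END SSH2 PUBLIC KEY ----"):
        raise ValueError("not an SSH2 public key block")
    body, comment, i = [], "", 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header; a trailing backslash continues it on the next line
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line)  # base64 never contains ':'
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    return f"{blob_key_type(blob)} {base64.b64encode(blob).decode()} {comment}".strip()

def check_authorized_keys_line(line: str) -> str:
    """Return 'ok', or why the line cannot match (assumes no options field)."""
    fields = line.split()
    if len(fields) < 2:
        return "expected '<type> <base64> [comment]' on one line"
    try:
        actual = blob_key_type(base64.b64decode(fields[1], validate=True))
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are ValueErrors
        return f"key data does not decode: {exc}"
    return "ok" if actual == fields[0] else f"prefix '{fields[0]}' != blob type '{actual}'"

def demo_block() -> str:
    # Constructed sample: structurally valid but meaningless ssh-rsa blob, not a real key.
    parts = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(128, 192)))
    b64 = base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()
    body = "\r\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("---- BEGIN SSH2 PUBLIC KEY ----\r\n" 'Comment: "demo@example"\r\n'
            f"{body}\r\n---- END SSH2 PUBLIC KEY ----\r\n")
```

Running `check_authorized_keys_line(rfc4716_to_openssh(demo_block()))` returns `ok`; a pasted SSH2 block, a line-wrapped key or a hand-typed prefix that disagrees with the blob each return a specific reason instead.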