LEDE/OpenWRT — How to set up Dropbear public key authentication
First off make sure that you have an SSH client on your computer. For Windows you will want to download PuTTY.
Generating your Key
To create your key we will be using ssh-keygen, or if you are a Windows user, use puttygen.exe.
Just use the following command to generate your ssh-key.
ssh-keygenAdd your key to your LEDE/OpenWRT device
To add the key to the authorized_keys file on your LEDE/OpenWRT device, on your PC enter the following command, replacing 192.168.1.1 with your LEDE/OpenWRT device IP.
ssh-copy-id root@192.168.1.1The key is added to the /root/.ssh/authorized_keys file on your LEDE/OpenWRT device.
Next we want to add the key to dropbear, so SSH into our LEDE/OpenWRT device and enter the following command.
cp /root/.ssh/authorized_keys /etc/dropbear/We need to make sure that the permissions are set correctly, so enter in the following commands.
chmod 700 /etc/dropbear
chmod 600 /etc/dropbear/authorized_keysSSH to your LEDE/OpenWRT device using your key
If everything was done correctly you can now log into your device using the key, not asking you for a password.
If you are using Windows then start PuTTY and follow these steps:
- Session > Host Name: LEDE/OpenWRT device’s IP address. Set connection type to SSH
- Connection > Data > Auto-login username: root
- Connection > SSH > Auth > Private key file for Authentication: Click browse and select the key you generated before
- Session > Saved Sessions: Enter a name for your session and click the Save button
If you are connecting via terminal, then just SSH to your LEDE/OpenWRT device using the following command, where 192.168.1.1 is your LEDE/OpenWRT device’s IP address.
ssh root@192.168.1.1(Optional) Added security
One additional change you can make to increase security is disable Dropbear’s password login.
To do this, while connected via SSH to your LEDE/OpenWRT device, enter the following commands
uci set dropbear.@dropbear[0].PasswordAuth=off
uci commit dropbearIf you found this post helpful please let us know by clicking the ♥ below.
This blog was brought to you by Cucumber Wi-Fi. Cucumber helps you run a more efficient Wi-Fi network. Check it out here.
Cucumber Wi-Fi — control any (Wi-Fi) device from the cloud.
