ssh from dd-wrt router to other host without password needed

bthoven
DD-WRT Novice


Joined: 23 Sep 2019
Posts: 27

Posted: Mon Oct 07, 2019 5:33    Post subject: ssh from dd-wrt router to other host without password needed
I just have my first dd-wrt router, and I want to ssh from my router to my other destination servers without entering the destination server password.

Usually I can run the command 'ssh-keygen' to generate both private and public keys, but dd-wrt doesn't have such a command, so I use the 'dropbearkey' command instead.

Firstly, I ssh to my dd-wrt router from my laptop, then run the command:

Code:
dropbearkey -t rsa -f ~/.ssh/id_dropbear


It will generate a 2048-bit private key file named 'id_dropbear' in the root folder '/.ssh', as '/.ssh/id_dropbear'.

It will also display the public key pair and fingerprint on the screen. I just copy the public key content from the screen and keep it somewhere else for future use (anywhere, it doesn't matter).

If you want to ssh from your dd-wrt router to any destination host, just copy and paste the public key content into the authorized_keys file (if it does not exist, just create it); for example, on Ubuntu you can add the public key at either the root or user level depending upon your usage, i.e. in the './ssh/authorized_keys' or '/home/username/.ssh/authorized_keys' file.

Hope this helps
legolas
DD-WRT Novice


Joined: 22 Feb 2017
Posts: 26

Posted: Sat Aug 07, 2021 5:12
Hello, thank you for this explanation. I can't log in using the DROPBEAR_PASSWORD variable, but I managed to connect to the host using keys.
For routers with read-only flash memory, you can write a startup script to rebuild the private key file.
To export the private key to hex format:
Code:
hexdump -v -e '1/1 "%02x"' ~/.ssh/id_dropbear


Now put the private key in a startup script; for some reason you need to split it, otherwise it will corrupt the variable.
Code:
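# Hex dump of the private key, split into two halves (placeholders)
KEY=first_half
KEYr=second_half_key
# Prefix every byte pair with \x so that echo -e writes the raw bytes
KEY2=$(echo -ne "$KEY$KEYr" | sed -e 's/../\\x&/g')
echo -ne "$KEY2" > /tmp/root/.ssh/id_dropbear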


Edit: for some reason, just putting the code above in the startup script does not work, so you can save it as a custom script and call it at startup.
Be sure that the router is secure, because with this information, anyone can log in to your server.

_________________
In use, community ISP:
1 tplink WR842ND; 2 WR741N; 3 WR740N : with DD-WRT
1 mymax WR934-BK "original" firmware
1 d-link dsl-2740e with Totolink ND300
2 Sagem F@ST2704 with OpenWrt
1 wavlink ND300
1 wrt54g
waiting:
1 wrt54g
airgrid m5 bullet
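
The warning at the end of the reply above applies because the private key is stored in hex inside a script on the router. An added example, not part of either forum post: on the destination host, the public key can be installed with authorized_keys restrictions so that a copied key is only accepted from the router's address and only runs one command. The address 192.0.2.1, the path /usr/local/bin/backup-receive and the key string are constructed placeholders, and the `restrict` option assumes OpenSSH 7.2 or later on the destination.

```shell
#!/bin/sh
# Added example, run on the destination host (OpenSSH 7.2 or later assumed).
# The IP, forced command and key are constructed placeholders.

# Build one authorized_keys line: restrictions first, then the public key
# exactly as dropbearkey printed it on the router.
restricted_entry() {
    pubkey=$1       # "ssh-rsa AAAA... root@router"
    router_ip=$2    # only address this key is accepted from
    forced_cmd=$3   # only command this key may run (must not contain ")
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac
    case $forced_cmd in *\"*) echo "quote in command" >&2; return 1 ;; esac
    printf 'restrict,from="%s",command="%s" %s\n' \
        "$router_ip" "$forced_cmd" "$pubkey"
}

# Append the entry once; keep the directory and file private to the account.
install_entry() {
    entry=$1
    auth_file=$2    # e.g. /home/username/.ssh/authorized_keys
    dir=$(dirname "$auth_file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1
    grep -qxF -- "$entry" "$auth_file" || printf '%s\n' "$entry" >> "$auth_file"
}

# Demo against a scratch directory, not the real ~/.ssh.
demo_dir=$(mktemp -d)
demo_key='ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED root@router'
demo_entry=$(restricted_entry "$demo_key" 192.0.2.1 /usr/local/bin/backup-receive)
install_entry "$demo_entry" "$demo_dir/.ssh/authorized_keys"
cat "$demo_dir/.ssh/authorized_keys"
```

`restrict` turns off port, agent and X11 forwarding and PTY allocation for that key, so together with `command=` the key can do nothing on the server except run the one forced command.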