Posted: Thu Mar 29, 2012 8:56 Post subject: SSH Public and Private Keys
Hello, I've searched this on the forum and Google and couldn't find what I was looking for. Plus the search on this board can't search by subject line only and returns a ton of unrelated posts on "SSH public private keys" or any combination of that with or without quotes. I've read the wiki, have all my DynDNS and port forwarding set up. This is just a general question.
Let's just stick to the basics. My question is on SSH. I understand the concept of this but not the specifics. I've generated the public and private keys using PuTTY on Windows and ssh on a Mac and still don't understand what goes to what. For example, I know the public key needs to go into the "authorized keys" on the DD-WRT router but do I include EVERYTHING or just the key?
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20120329"
AAAAB3NzaC1...deXU=
---- END SSH2 PUBLIC KEY ----
Do I have to just copy the key alone or do I need all the "meta data" or whatever it is? I also understand that line breaks need to be taken out, so I have been doing that.
Next question, do I paste the private key on the computer that I'm trying to use to SSH into my router? I've been SSHing into my router using my Mac and pasted the private key into the known_hosts file under the .ssh folder but it keeps putting my public key in there. So this would be my known_hosts file on my Mac
Inside terminal on the Mac, I would run ssh root@domain.com and would get
The authenticity of host 'domain' (68.125.78.32)' can't be established
RSA key fingerprint is f6:xx:xx:xx:xx...
Are you sure you want to continue connecting (yes/no)
Selecting no kicks me out and does nothing, selecting yes gets me into DD-WRT's ssh with my router password. Inspecting the known_hosts file on my Mac after selecting yes shows that it puts the ROUTER'S PUBLIC key in there. So my question is what is the point of the private key? And how do I know that my ssh is really secure using a public/private key pair? I can throw commands at my router through SSH but just want to ensure my connection is secure. Thank you.
You could import the private key into puttygen and then save it as private and as public key in putty format. DD-WRT accepts copy/paste from puttygen.
_________________
2 times APU2 Opnsense 21.1 with Sensei
2 times RT-AC56U running DD-WRT 45493 (one as Gateway, the other as AP, both bridged with LAN cable)
3 times Asus RT-N16 shelved
E4200 V1 running freshtomato 2020.8 (bridged with LAN cable)
3 times Linksys WRT610N V2 converted to E3000 and 1 original E3000 running freshtomato 2020.8 (bridged with LAN cable)
so the public key is set into the host (dd wrt router) and the client (my macbook)? And the private key is ONLY used to recover the public key if lost? Thanks.
No, putty/ssh uses the private key to authenticate the connection to the router. So, putty/ssh has to have the private key. In the router you enter the public key corresponding to that private key. If you don't have a private key, generate one, e.g. with ssh-keygen. It should not be the same as the router's private key, because it is perhaps specific to the firmware build, so everybody with the same firmware could have the same private key for the router.
If it works, it's kinda like that. Maybe I stated it wrong. I assumed I could use my web gui username, forgot ssh only works with root. Whereas something like my raspberry pi you can ssh as any user.
Copy paste the public key from the puttygen window has the format you show and it works.
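An added example, not part of any post in this thread: a small converter from the "---- BEGIN SSH2 PUBLIC KEY ----" block (RFC 4716, what PuTTYgen saves to a file) to the single-line `type base64 comment` form used by OpenSSH-style authorized_keys, assuming that one-line form is what the router's authorized keys field expects. The function names and the sample key are constructed for illustration; only the public key is handled, and the private key stays on the client.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def rfc4716_to_openssh(text):
    """Turn an RFC 4716 block into one 'type base64 comment' line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key block")
    body, comment, b64, i = lines[1:-1], "", [], 0
    while i < len(body):
        line = body[i]
        if ":" in line:                      # header; base64 never contains ':'
            while line.endswith("\\") and i + 1 < len(body):
                i += 1                       # backslash continues the header
                line = line[:-1] + body[i]
            tag, value = line.split(":", 1)
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            b64.append(line)                 # key data, wrapped over several lines
        i += 1
    blob = base64.b64decode("".join(b64), validate=True)
    # The blob itself names the algorithm: a 4-byte length, then e.g. b"ssh-rsa".
    (n,) = struct.unpack(">I", blob[:4])
    key_type = blob[4:4 + n].decode("ascii")
    parts = [key_type, base64.b64encode(blob).decode("ascii"), comment]
    return " ".join(p for p in parts if p)

def sha256_fingerprint(one_line):
    """Fingerprint in the SHA256:... form that ssh-keygen -l prints."""
    blob = base64.b64decode(one_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample, not a real key: type, exponent 65537, filler modulus.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
_b64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE = "\n".join([BEGIN, 'Comment: "rsa-key-20120329"']
                   + [_b64[i:i + 64] for i in range(0, len(_b64), 64)] + [END])

if __name__ == "__main__":
    line = rfc4716_to_openssh(SAMPLE)
    print(line)
    print(sha256_fingerprint(line))
```

The fingerprint of the converted line can be compared with the fingerprint of the key file on the client to confirm that the key pasted into the router is the one you generated.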