Posted: Thu May 24, 2012 16:50 Post subject: SSH remote access with guest (non-root) account and P/P Keys
First of all, thanks for this excellent firmware!
Second, my issue. I did search the forum for this issue with no luck. While there were some posts, none of them had a clear solution. I hope I can wrap up all my findings with this.
Objective: The idea is to tunnel traffic through my home connection when surfing in public hotspots and share this with relatives and friends.
Status: I'm trying to create a guest account to login remotely using SSH to my router using public/private keys (not password authentication - to be 99% sure it is secure). However, I don't want people logging in to my router's shell with full root rights. This is the reason for creating a guest account to access via ssh and tunnel its traffic.
Specs: I'm using Linksys WRT54G2 v1, running dd-wrt v24sp2 (02/02/09) micro plus ssh (I don't think I can push it any more, can I?)
Context: I'm currently able to login remotely to the router and tunnel traffic through it. Both via password and Public/Private keys using the root user. No luck with my custom created guest user.
I'm not an expert in either Linux/Unix or DD-WRT, but I think I managed to create the guest account: I can both telnet and password-login remotely via ssh with guest account. I attached this code to the startup scripts to avoid losing it after rebooting the router:
I'm not 100% sure of all the variables involved there, but I think I understand most of it. The part I don't understand is why guest is repeated so many times and there's a "Guest User" part I don't completely get what role it plays.
Problem: When I try to log in remotely with public/private keys with my newly created GUEST user, PuTTY outputs: "server refused our key".
I'm obviously using the same key I use for root. I'm using "guest" as the user.
After that, I tried attaching to the previous startup code the following lines to copy root's keys into guest's keys:
Isn't there a way to convert the router into a "proxy" server? It seems to be exactly what I need but without the encryption that I might be able to handle with https... On the other hand, openvpn doesn't seem an elegant solution. I think it would be more complicated to implement and client-side configuration much more complicated if I'm not mistaken... (am I?)
Does the mega build allow you to authenticate with different users?
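Added example, not part of the original post and not DD-WRT's own code: SSH servers such as Dropbear and OpenSSH check ownership and write permissions on an account's home directory, `.ssh` and `authorized_keys` before accepting a public key, so this is the first audit to run when a key is refused for a non-root account. The function names are hypothetical, and the home path and user name passed in are assumptions about your setup.

```shell
#!/bin/sh
# Audit the files an SSH server inspects before accepting a public key.
# Uses only ls/awk/cut so it also runs on BusyBox userlands.

# check_path PATH USER: 0 if PATH exists, is owned by USER and is not
# writable by group or others; 1 otherwise, with the reason printed.
# Note: this is stricter than some servers, which also accept root-owned files.
check_path() {
    path=$1; user=$2; rc=0
    info=$(ls -ld "$path" 2>/dev/null) || { echo "MISSING $path"; return 1; }
    mode=$(echo "$info" | awk '{print $1}')
    owner=$(echo "$info" | awk '{print $3}')
    if [ "$owner" != "$user" ]; then
        echo "OWNER   $path is owned by $owner, expected $user"; rc=1
    fi
    # Characters 6 and 9 of the mode string are the group/other write bits.
    if [ "$(echo "$mode" | cut -c6)" = "w" ] || [ "$(echo "$mode" | cut -c9)" = "w" ]; then
        echo "MODE    $path is writable by group or others ($mode)"; rc=1
    fi
    return "$rc"
}

# audit_pubkey_files HOME USER: checks HOME, HOME/.ssh and
# HOME/.ssh/authorized_keys; returns 0 only if all three pass.
audit_pubkey_files() {
    home=$1; user=$2; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$user" || bad=1
    done
    [ "$bad" -eq 0 ] && echo "OK      key files for $user pass ownership and mode checks"
    return "$bad"
}

# Stand-alone use: sh audit.sh <home-directory> <user>
if [ $# -eq 2 ]; then
    audit_pubkey_files "$1" "$2"
fi
```

Files copied from root's key directory by a startup script are created as root, which is exactly the ownership mismatch the `OWNER` line reports.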